[Secure-testing-commits] r12983 - lib/python
Author: fw Date: 2009-10-11 10:23:56 + (Sun, 11 Oct 2009) New Revision: 12983 Modified: lib/python/web_support.py Log: lib/python/web_support.py (WebServiceBase): new class Factored common functionality into base class, in preparation of alternative invocation methods. Modified: lib/python/web_support.py === --- lib/python/web_support.py 2009-10-10 23:42:52 UTC (rev 12982) +++ lib/python/web_support.py 2009-10-11 10:23:56 UTC (rev 12983) @@ -599,10 +599,9 @@ write(Content-Type: %s\n\n % self.mimetype) write(self.contents) -class WebService(Service): -def __init__(self, socket_name): -Service.__init__(self, socket_name) -self.__router = PathRouter() +class WebServiceBase: +def __init__(self): +self.router = PathRouter() def register(self, path, method): Requests that method is invoked if path is encountered. @@ -616,12 +615,8 @@ The method is expected to return a HTMLResult object. -self.__router.register(path, method) +self.router.register(path, method) -def __writeError(self, result, code, msg): -result.write('Status: %d\nContent-Type: text/plain\n\n%s\n' - % (code, msg)) - def html_dtd(self): Returns the DOCTYPE declaration to be used for HTML documents. Can be overridden. @@ -654,6 +649,16 @@ Invoked by handle prior to calling the registered handler. pass +class WebService(Service, WebServiceBase): +CGI service implemented using servinvoke +def __init__(self, socket_name): +Service.__init__(self, socket_name) +WebServiceBase.__init__(self) + +def __writeError(self, result, code, msg): +result.write('Status: %d\nContent-Type: text/plain\n\n%s\n' + % (code, msg)) + def handle(self, args, environment, data, result): params = cgi.parse(data, environment) path = environment.get('PATH_INFO', '') @@ -664,7 +669,7 @@ script_name = environment.get('SCRIPT_NAME', '') try: -(method, remaining) = self.__router.get(path) +(method, remaining) = self.router.get(path) except InvalidPath: self.__writeError(result, 404, page not found) return ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r12984 - lib/python
Author: fw Date: 2009-10-11 12:02:02 + (Sun, 11 Oct 2009) New Revision: 12984 Modified: lib/python/web_support.py Log: lib/python/web_support.py (WebServiceHttp): implement HTTP invocation Introduces flatten_later helper methods in Result objects. Modified: lib/python/web_support.py === --- lib/python/web_support.py 2009-10-11 10:23:56 UTC (rev 12983) +++ lib/python/web_support.py 2009-10-11 12:02:02 UTC (rev 12984) @@ -26,6 +26,9 @@ import traceback import types import urllib +import threading +import SocketServer +import BaseHTTPServer class ServinvokeError(Exception): pass @@ -556,6 +559,13 @@ def flatten(self, write): pass +def flatten_later(self): +Flattens this result. + +Returns a closure which sends the result using a +BaseHTTPRequestHandler object passed as argument. +pass + class RedirectResult(Result): Permanently redirects the browser to a new URL. def __init__(self, url, permanent=True): @@ -568,6 +578,13 @@ def flatten(self, write): write(Status: %d\nLocation: %s\n\n % (self.status, self.url)) +def flatten_later(self): +def later(req): +req.send_response(self.status) +req.send_header('Location', self.url) +req.end_headers() +return later + class HTMLResult(Result): An object of this class combines a status code with HTML contents. def __init__(self, contents, status=200, doctype=''): @@ -584,6 +601,19 @@ write(Content-Type: text/html\n\n%s\n % self.doctype) self.contents.flatten(write) +def flatten_later(self): +buf = cStringIO.StringIO() +buf.write(self.doctype) +buf.write('\n') +self.contents.flatten(buf.write) +buf = buf.getvalue() +def later(req): +req.send_response(self.status) +req.send_header('Content-Type', 'text/html; charset=UTF-8') +req.end_headers() +req.wfile.write(buf) +return later + class BinaryResult(Result): An object of this class combines a status code with HTML contents. def __init__(self, contents, status=200, @@ -599,6 +629,13 @@ write(Content-Type: %s\n\n % self.mimetype) write(self.contents) +def flatten_later(self): +def later(req): +req.send_response(self.status) +req.send_header('Content-Type', self.mimetype) +req.wfile.write(self.contents) +return later + class WebServiceBase: def __init__(self): self.router = PathRouter() @@ -679,6 +716,80 @@ assert isinstance(r, Result), `r` r.flatten(result.write) +class ThreadingHTTPServer(BaseHTTPServer.HTTPServer, + SocketServer.ThreadingMixIn): +pass + +RE_BASE_URL = re.compile(r'^http://([^/]+)(.*)') + +class WebServiceHTTP(WebServiceBase): +def __init__(self, socket_name): +WebServiceBase.__init__(self) +(base_url, address, port) = socket_name +self.lock = threading.Lock() + +self.__parse_base_url(base_url) + +service_self = self +class Handler(BaseHTTPServer.BaseHTTPRequestHandler): +def do_GET(self): +(method, path, remaining, params) = self.route() +if path is None: +return + +url = URLFactory(service_self.server_name, + service_self.script_name, + path, params) + +service_self.lock.acquire() +try: +service_self.pre_dispatch() +r = method(remaining, params, url) +assert isinstance(r, Result), `r` +result = r.flatten_later() +finally: +service_self.lock.release() +result(self) + +def __parse_path(self): +pos = self.path.find('?') +if pos 0: +return (self.path, {}) +path = self.path[:pos] +if path[:1] != '/': +path = '/' + path +params = cgi.parse_qs(self.path[pos + 1:]) +return (path, params) + +def route(self): +(path, params) = self.__parse_path() +prefix_len = len(service_self.script_name) +prefix = path[0:prefix_len] +result = None +if prefix == service_self.script_name: +suffix = path[prefix_len:] +try: +(method, remaining) = \ +service_self.router.get(suffix) +return (method, suffix, remaining, params) +except InvalidPath: +pass +
[Secure-testing-commits] r12985 - bin
Author: fw Date: 2009-10-11 12:04:15 + (Sun, 11 Oct 2009) New Revision: 12985 Modified: bin/tracker_service.py Log: bin/tracker_service.py: implement HTTP invocation The old command line arguments still create a servinvoke-based service. Modified: bin/tracker_service.py === --- bin/tracker_service.py 2009-10-11 12:02:02 UTC (rev 12984) +++ bin/tracker_service.py 2009-10-11 12:04:15 UTC (rev 12985) @@ -2,18 +2,27 @@ import sys sys.path.insert(0,'../lib/python') - -if len(sys.argv) 3: -print usage: python tracker_serivce.py SOCKET-PATH DATABASE-PATH -sys.exit(1) -socket_name = sys.argv[1] -db_name = sys.argv[2] - import bugs import re import security_db from web_support import * +if len(sys.argv) not in (3, 5): +print usage: python tracker_service.py SOCKET-PATH DATABASE-PATH +printpython tracker_service.py URL HOST PORT DATABASE-PATH +sys.exit(1) +if len(sys.argv) == 3: +socket_name = sys.argv[1] +db_name = sys.argv[2] +webservice_base_class = WebService +else: +server_base_url = sys.argv[1] +server_address = sys.argv[2] +server_port = int(sys.argv[3]) +socket_name = (server_base_url, server_address, server_port) +db_name = sys.argv[4] +webservice_base_class = WebServiceHTTP + class BugFilter: default_action_list = [(hide_medium_urgency, lower urgencies), (hide_non_remote, local vulnerabilities)] @@ -62,7 +71,7 @@ Returns True if no DSA will be issued for the bug. return nodsa and self.params['hide_nodsa'] -class TrackerService(WebService): +class TrackerService(webservice_base_class): head_contents = compose(STYLE( h1 { font-size : 144%; } h2 { font-size : 120%; } @@ -94,7 +103,7 @@ ''')).toHTML() def __init__(self, socket_name, db_name): -WebService.__init__(self, socket_name) +webservice_base_class.__init__(self, socket_name) self.db = security_db.DB(db_name) self.register('', self.page_home) self.register('*', self.page_object) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r12986 - bin
Author: fw Date: 2009-10-11 12:05:22 + (Sun, 11 Oct 2009) New Revision: 12986 Modified: bin/test-web-server Log: bin/test-web-server: switch to HTTP invocation Modified: bin/test-web-server === --- bin/test-web-server 2009-10-11 12:04:15 UTC (rev 12985) +++ bin/test-web-server 2009-10-11 12:05:22 UTC (rev 12986) @@ -4,44 +4,14 @@ server_port=10605 service=tracker_service.py -thttpd=/usr/sbin/thttpd +url=http://localhost:$server_port/tracker; -if ! command -v mktemp /dev/null ; then -echo 'error: mktemp required' -exit 1 -elif ! command -v servinvoke /dev/null ; then -echo 'error: servinvoke required' -exit 1 -elif ! test -x $thttpd ; then -echo 'error: thttpd required' -exit 1 -fi - -bindir=`dirname $0` +bindir=`dirname $0` if ! test -r $bindir/$service ; then echo error: failed to locate bin directory (tried $bindir) exit 1 fi -webroot=`mktemp -d` -if ! test -d $webroot ; then -echo error: invalid TMPDIR setting -rm -rf -- $webroot -exit 1 -fi -trap rm -rf $webroot 0 -cat $webroot/tracker EOF -#!/usr/bin/servinvoke - -copy-env -target-unix $webroot/service-socket -EOF -chmod 755 $webroot/tracker -$thttpd -h localhost -p $server_port -c tracker \ --d $webroot -l $webroot/log -i $webroot/pid -echo URL: http://localhost:$server_port/tracker; - cd $bindir -python $service $webroot/service-socket ../data/security.db || true -read pid $webroot/pid -kill $pid +echo URL: $url +python $service $url localhost $server_port ../data/security.db || true ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r12987 - lib/python
Author: fw Date: 2009-10-11 12:52:56 + (Sun, 11 Oct 2009) New Revision: 12987 Modified: lib/python/web_support.py Log: lib/python/web_support.py (BinaryResult_later): call end_headers() Modified: lib/python/web_support.py === --- lib/python/web_support.py 2009-10-11 12:05:22 UTC (rev 12986) +++ lib/python/web_support.py 2009-10-11 12:52:56 UTC (rev 12987) @@ -633,6 +633,7 @@ def later(req): req.send_response(self.status) req.send_header('Content-Type', self.mimetype) +req.end_headers() req.wfile.write(self.contents) return later ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r12988 - / data data/nvd
Author: fw Date: 2009-10-11 17:40:16 + (Sun, 11 Oct 2009) New Revision: 12988 Added: data/nvd/ Modified: Makefile Log: Makefile: add update-nvd target Modified: Makefile === --- Makefile2009-10-11 12:52:56 UTC (rev 12987) +++ Makefile2009-10-11 17:40:16 UTC (rev 12988) @@ -134,3 +134,10 @@ $(PYTHON) bin/apt-update-file \ $(BACKPORTS_MIRROR)/lenny-backports/main/binary-armel/Packages \ data/packages/lenny-backports__main_armel_Packages + +update-nvd: + for x in $$(seq 2002 $$(date +%Y)) ; do \ + name=nvdcve-$$x.xml; \ + wget -q -Odata/nvd/$$name http://nvd.nist.gov/download/$$name || true; \ + done + python bin/update-nvd data/nvd/nvdcve-200*.xml Property changes on: data/nvd ___ Added: svn:ignore + nvdcve-*.xml ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r12989 - data/CVE
Author: fw Date: 2009-10-11 17:54:48 + (Sun, 11 Oct 2009) New Revision: 12989 Modified: data/CVE/list Log: CVE-2009-3602: unbound Modified: data/CVE/list === --- data/CVE/list 2009-10-11 17:40:16 UTC (rev 12988) +++ data/CVE/list 2009-10-11 17:54:48 UTC (rev 12989) @@ -1,3 +1,6 @@ +CVE-2009-3602 [NSEC3 validation bypass in Unbound] + - unbound unfixed (low) + NOTE: http://unbound.net/pipermail/unbound-users/2009-October/000852.html CVE-2009- [possible DoS in django caused by regex starving resources] - python-django 1.1.1-1 (medium; bug #550457) [etch] - python-django not-affected (introduced in 1.0) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r12990 - /
Author: fw Date: 2009-10-11 17:57:36 + (Sun, 11 Oct 2009) New Revision: 12990 Modified: Makefile Log: Makefile: add update-lists target Modified: Makefile === --- Makefile2009-10-11 17:54:48 UTC (rev 12989) +++ Makefile2009-10-11 17:57:36 UTC (rev 12990) @@ -135,6 +135,9 @@ $(BACKPORTS_MIRROR)/lenny-backports/main/binary-armel/Packages \ data/packages/lenny-backports__main_armel_Packages +update-lists: + svn update -q data + update-nvd: for x in $$(seq 2002 $$(date +%Y)) ; do \ name=nvdcve-$$x.xml; \ ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r12991 - /
Author: fw Date: 2009-10-11 18:08:09 + (Sun, 11 Oct 2009) New Revision: 12991 Modified: Makefile Log: Makefile: rename target update-stable-packages to update-stable Modified: Makefile === --- Makefile2009-10-11 17:57:36 UTC (rev 12990) +++ Makefile2009-10-11 18:08:09 UTC (rev 12991) @@ -62,7 +62,7 @@ done ; \ done -update-stable-packages: +update-stable: set -e ; for rel in etch lenny ; do \ for archive in main contrib non-free ; do \ $(PYTHON) bin/apt-update-file \ ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r12992 - data/CVE
Author: fw Date: 2009-10-11 18:17:20 + (Sun, 11 Oct 2009) New Revision: 12992 Modified: data/CVE/list Log: CVE-2009-3474, CVE-2009-3475, CVE-2009-3476: fixed versions Modified: data/CVE/list === --- data/CVE/list 2009-10-11 18:08:09 UTC (rev 12991) +++ data/CVE/list 2009-10-11 18:17:20 UTC (rev 12992) @@ -249,23 +249,23 @@ {DSA-1895-2 DSA-1896-1 DSA-1895-1} - xmltooling 1.2.2-1 - opensaml removed - - opensaml2 unfixed + - opensaml2 2.2.1-1 - shibboleth-sp removed - - shibboleth-sp2 unfixed + - shibboleth-sp2 2.2.1+dfsg-1 CVE-2009-3475 (Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and ...) {DSA-1895-2 DSA-1896-1 DSA-1895-1} - xmltooling 1.2.2-1 - opensaml removed - - opensaml2 unfixed + - opensaml2 2.2.1-1 - shibboleth-sp removed - - shibboleth-sp2 unfixed + - shibboleth-sp2 2.2.1+dfsg-1 CVE-2009-3474 (OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by ...) {DSA-1895-2 DSA-1896-1 DSA-1895-1} - xmltooling 1.2.2-1 - opensaml removed - - opensaml2 unfixed + - opensaml2 2.2.1-1 - shibboleth-sp removed - - shibboleth-sp2 unfixed + - shibboleth-sp2 2.2.1+dfsg-1 [lenny] - opensaml no-dsa (Minor issue) TODO: next point update: [lenny] - opensaml 2.0-2+lenny1 CVE-2009-3473 (IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r12992 failed
The error message was: make: *** [all] Terminated ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r12992 failed
The error message was: make: *** [all] Terminated ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r12993 - bin
Author: fw Date: 2009-10-11 19:00:26 + (Sun, 11 Oct 2009) New Revision: 12993 Modified: bin/tracker_service.py Log: bin/tracker_service.py (TrackerService.page_redirect): handle empty argument Modified: bin/tracker_service.py === --- bin/tracker_service.py 2009-10-11 18:17:20 UTC (rev 12992) +++ bin/tracker_service.py 2009-10-11 19:00:26 UTC (rev 12993) @@ -211,7 +211,10 @@ return self.page_object_or_redirect(url, obj, False) def page_redirect(self, path, params, url): -obj = path[0] +if path == (): +obj = '' +else: +obj = path[0] return self.page_object_or_redirect(url, obj, True) def page_object_or_redirect(self, url, obj, redirect): ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r12994 - doc
Author: fw Date: 2009-10-11 19:38:42 + (Sun, 11 Oct 2009) New Revision: 12994 Added: doc/soler.txt Log: Documentation for the tracker setup on soler.debian.org Added: doc/soler.txt === --- doc/soler.txt (rev 0) +++ doc/soler.txt 2009-10-11 19:38:42 UTC (rev 12994) @@ -0,0 +1,57 @@ +Tracker setup on soler.debian.org += + +(This is internal documentation, in case things need to be fixed. +It is not relevant to day-to-day edting tasks.) + +Relevant files and directories +-- + +The tracker runs under the user ID sectracker. Most of its files +are stored in the directory /org/security-tracker.debian.org/website: + + bin/cron invoked by cron once every minute + bin/cron-hourly invoked by cron once every hour + bin/cron-daily invoked by cron once every day + bin/read-and-touch invoked by ~/.procmailrc + bin/start-daemon invoked by cron at reboot + + secure-testing Subversion checkout + secure-testing/bin/* main entry points, called bin bin/cron + secure-testing/stamps/* files which trigger processing by bin/cron + +~sectracker/.procmailrc invokes bin/read-and-touch to create stamp +files, which are then picked up by bin/cron. This is done to +serialize change events in batches (e.g., commits originated from +git-svn). sectrac...@security-tracker.debian.org is subscribed to +these mailing lists to be notified of changes: + + debian-security-annou...@lists.debian.org + secure-testing-commits.lists.alioth.debian.org + +The crontab of the sectracker user is set up such that the scripts +are invoked as specified above. + +Web server +-- + +80/TCP is handled by Apache. The Apache configuration is here: + + /org/security-tracker.debian.org/etc/apache.conf + +mod_proxy is used to forward requests to the actual server which +listens on 127.0.0.1:25648 and is started by the +/org/security-tracker.debian.org/website/bin/start-daemon script. + +debsecan metadata +- + +/org/security-tracker.debian.org/website/bin/cron contains code which +pushes updates to secure-testing-master, using rsync. + +Code updates + + +Updates to the Subversion checkout only affect the directory +/org/security-tracker.debian.org/website/secure-testing/data. +Code changes need to be applied manually, using svn update. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r12994 failed
The error message was: mv: cannot stat `data/security-new.db': No such file or directory make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r12994 failed
The error message was: mv: cannot stat `data/security-new.db': No such file or directory make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r12994 failed
The error message was: mv: cannot stat `data/security-new.db': No such file or directory make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r12994 failed
The error message was: mv: cannot stat `data/security-new.db': No such file or directory make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r12994 failed
The error message was: mv: cannot stat `data/security-new.db': No such file or directory make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r12994 failed
The error message was: mv: cannot stat `data/security-new.db': No such file or directory make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r12994 failed
The error message was: mv: cannot stat `data/security-new.db': No such file or directory make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r12994 failed
The error message was: mv: cannot stat `data/security-new.db': No such file or directory make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r12994 failed
The error message was: mv: cannot stat `data/security-new.db': No such file or directory make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r12995 - data/CVE
Author: derevko-guest Date: 2009-10-12 05:19:42 + (Mon, 12 Oct 2009) New Revision: 12995 Modified: data/CVE/list Log: CVE-2009-2702 fixed in kde4libs 4:4.3.2-1 Modified: data/CVE/list === --- data/CVE/list 2009-10-11 19:38:42 UTC (rev 12994) +++ data/CVE/list 2009-10-12 05:19:42 UTC (rev 12995) @@ -2874,7 +2874,7 @@ NOTE: this is only a null ptr dereference and can only be triggered by a rogue irc server CVE-2009-2702 (KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a ...) - kdelibs unfixed (low; bug #546212) - - kde4libs unfixed (low; bug #546218) + - kde4libs 4:4.3.2-1 (low; bug #546218) [lenny] - kde4libs no-dsa (Minor issue) CVE-2009-2701 (Unspecified vulnerability in the Zope Enterprise Objects (ZEO) ...) - zodb 1:3.9.0-1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits