On Sat, Nov 19, 2011 at 08:18:41AM +0100, Javier Fernández-Sanguino Peña wrote: > On Fri, Nov 18, 2011 at 11:33:01AM -0800, Don Armstrong wrote: > > Is anything under http://www.debian.org/security/audit/ still > > relevant? [I'm asking because of #648595.] > > Yes, most under the audit/ dir is still relevant. Although: > > - The "old" infrastructure provided by Steve Kemp is no longer available > > - The project itself is stalled, and its previous members are no longer > actively working on it > > I suggest we should keep it since a new group could be formed and the goals > and past achievements stated in the audit/ web pages are relevant. > > Maybe we could highlight, however, that the audit effort is stalled. I sent > my last audit report on a vulnerability may 2009 (which I just noticed is > still unfixed), but the last information from the mailing list is from 2008 > IIRC.
Correction: Steve Kemp has continued with the audit effort and DSAs have been produced in 2008, 2009 and 2011 as a result of this: http://www.steve.org.uk/Security/Advisories/ I'm updating the audit/ information to reflect this too. Regards Javier PS: I'm also updating Steve's email address since the previous one doesn't work anymore.
signature.asc
Description: Digital signature