On Thu, Aug 29, 2013 at 11:59 AM, Martin Zobel-Helas wrote:

> I am raising my hand here. I am willing to support the debian security
> team. I will be able to do that during my paid work time, as my
> employer, credativ, is backing this.
>
> Mid-term goal should be a Debian LTS version, but we can only achieve
> this by enhancing the debian security team.

For yourself and anyone else who wants to get involved:

Maintaining the security tracker data is a great way to start helping
with security stuff:

http://anonscm.debian.org/viewvc/secure-testing/doc/narrative_introduction?view=co
https://security-tracker.debian.org/tracker/data/report

Having debsecan (or a nagios check based on it) run on debian.org and
credativ machines could be an interesting way forward. This is likely
to require some triage of incoming issues since many of them are only
a problem under specific conditions.

The security audit efforts need reviving:

http://www.debian.org/security/audit/

Targets for security updates can be found in the links on the front
page of the security tracker:

https://security-tracker.debian.org/tracker/

Procedures for security updates are in devref of course:

http://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security

The codesearch site is useful for finding code copies, which are
documented in SVN:

http://codesearch.debian.net/
https://wiki.debian.org/EmbeddedCodeCopies

It is also useful for finding potentially vulnerable code or the
presence of specific issues.

Some other stuff on the wiki:

https://wiki.debian.org/Teams/Security

There are some efforts for running static analysis tools over the
archive, which could be useful for finding more potential security
issues.

http://firewoes.debian.net/
http://qa.debian.org/daca/

-- 
bye,
pabs

http://wiki.debian.org/PaulWise