Re: Supporting tier-2 (was Re: COUNT(buildd) IN (2,3))
On Tue, 15 Mar 2005 11:48:53 +1100, Matthew Palmer <[EMAIL PROTECTED]> wrote:
>I've seen no hesitation inducting new AMs, and I got solicited to be part of
>the security team a couple of years ago which suggests that they're not
>particularly picky about who they let in .

A couple of years ago, we were much more open. If I would have to pass NM again today, I would drop out at the Skills stage. Today, people seem glued to their jobs, and even apply for more jobs while being already unable to fulfil the jobs they already hold.

Greetings
Marc

--
-- !! No courtesy copies, please !! -
Marc Haber | " Questions are the | Mail address in header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Phone: *49 621 72739834

Re: Supporting tier-2 (was Re: COUNT(buildd) IN (2,3))
On Mon, Mar 14, 2005 at 07:26:58PM +0100, Marc Haber wrote:
> On Mon, 14 Mar 2005 13:18:54 -0500, David Nusinow
> <[EMAIL PROTECTED]> wrote:
> >On Mon, Mar 14, 2005 at 05:57:05PM +, Matthew Garrett wrote:
> >> Reasonable security support requires some degree of cooperation with the
> >> current security team. Without that, vulnerabilities notifications won't
> >> be available.
> >
> >Why can't porters join the security team? Then everyone benefits.
>
> Established Debian teams are traditionally extremely reluctant to
> allow new people joining in.

I've seen no hesitation inducting new AMs, and I got solicited to be part of the security team a couple of years ago which suggests that they're not particularly picky about who they let in .

- Matt

Re: Supporting tier-2 (was Re: COUNT(buildd) IN (2,3))
David Nusinow <[EMAIL PROTECTED]> wrote:
> On Mon, Mar 14, 2005 at 05:57:05PM +, Matthew Garrett wrote:
>> Reasonable security support requires some degree of cooperation with the
>> current security team. Without that, vulnerabilities notifications won't
>> be available.
>
> Why can't porters join the security team? Then everyone benefits.

There's a fairly high bar of entry to the security team, for fairly justifiable reasons. People get very unhappy if advisories are leaked early, so it's necessary to have complete trust in the people involved.

--
Matthew Garrett | [EMAIL PROTECTED]

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Supporting tier-2 (was Re: COUNT(buildd) IN (2,3))
On Mon, 14 Mar 2005 18:54:34 +0100, David Schmitt <[EMAIL PROTECTED]> wrote:
>On Monday 14 March 2005 17:39, Frank Küster wrote:
>> No testing, no release, no security support. For me, that is so close
>> to "not support at all" that I hardly see the difference.
>
>No testing and release support by the current RMs and no security support by
>the current security team.

And existing infrastructure no longer available, needing hardware solicitation and re-inventing some wheels.

Greetings
Marc

--
-- !! No courtesy copies, please !! -
Marc Haber | " Questions are the | Mail address in header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Phone: *49 621 72739834

Re: Supporting tier-2 (was Re: COUNT(buildd) IN (2,3))
On Mon, 14 Mar 2005 13:18:54 -0500, David Nusinow <[EMAIL PROTECTED]> wrote:
>On Mon, Mar 14, 2005 at 05:57:05PM +, Matthew Garrett wrote:
>> Reasonable security support requires some degree of cooperation with the
>> current security team. Without that, vulnerabilities notifications won't
>> be available.
>
>Why can't porters join the security team? Then everyone benefits.

Established Debian teams are traditionally extremely reluctant to allow new people joining in.

Greetings
Marc

--
-- !! No courtesy copies, please !! -
Marc Haber | " Questions are the | Mail address in header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Phone: *49 621 72739834

Re: Supporting tier-2 (was Re: COUNT(buildd) IN (2,3))
On Monday 14 March 2005 19:18, David Nusinow wrote:
> On Mon, Mar 14, 2005 at 05:57:05PM +, Matthew Garrett wrote:
> > Reasonable security support requires some degree of cooperation with the
> > current security team. Without that, vulnerabilities notifications won't
> > be available.
>
> Why can't porters join the security team? Then everyone benefits.

You are completely right. Sadly this isn't as easy as it might seem: As far as I know from the local CERT, security teams need to sign NDAs to receive notifications before they are made public.

Please also see my musings about security support in my 'Vision for the future' only a few mails further up this thread.

Regards, David

--
- hello... how are you today?
- *cough* fine *sniffle* *wheeze*
- thank god we are communicating over a septic medium ;)
-- Matthias Leeb, Uni f. angewandte Kunst, 2005-02-15

Re: Supporting tier-2 (was Re: COUNT(buildd) IN (2,3))
On Mon, Mar 14, 2005 at 05:57:05PM +, Matthew Garrett wrote:
> Reasonable security support requires some degree of cooperation with the
> current security team. Without that, vulnerabilities notifications won't
> be available.

Why can't porters join the security team? Then everyone benefits.

- David Nusinow

Re: Supporting tier-2 (was Re: COUNT(buildd) IN (2,3))
David Schmitt <[EMAIL PROTECTED]> wrote:
> On Monday 14 March 2005 17:39, Frank Küster wrote:
>> No testing, no release, no security support. For me, that is so close
>> to "not support at all" that I hardly see the difference.
>
> No testing and release support by the current RMs and no security support by
> the current security team. Any interested developer should be able to pick up
> where the current powers that be have given up.

Reasonable security support requires some degree of cooperation with the current security team. Without that, vulnerabilities notifications won't be available.

--
Matthew Garrett | [EMAIL PROTECTED]

Supporting tier-2 (was Re: COUNT(buildd) IN (2,3))
On Monday 14 March 2005 17:39, Frank Küster wrote:
> David Schmitt <[EMAIL PROTECTED]> wrote:
> > On Monday 14 March 2005 16:27, Matthias Urlichs wrote:
> >> Not when the alternate choice is to not have Debian support $ARCH at
> >> all.
> >
> > Please cite where this was proposed. I read the original Nybbles mail
> > (and a part of the current thread) but couldn't find the "at all" bit.
>
> No testing, no release, no security support. For me, that is so close
> to "not support at all" that I hardly see the difference.

No testing and release support by the current RMs and no security support by the current security team. Any interested developer should be able to pick up where the current powers that be have given up.

> I would see things different if it was "Not part of the main testing
> procedure" (using a different scheme), "Not necessarily released when
> the tier 1 arches are released", "No support for tier 2 arches by the
> tier 1 release managers and security teams, but we offer Debian
> infrastructure for yet-to-form RM and Security teams for each tier 2
> arch".

Those points either require coding (which cannot be forced upon anyone) or are not forbidden by the authors of the Nybbles proposal.

Regards, David

--
- hello... how are you today?
- *cough* fine *sniffle* *wheeze*
- thank god we are communicating over a septic medium ;)
-- Matthias Leeb, Uni f. angewandte Kunst, 2005-02-15