Moritz Muehlenhoff wrote: > There are two things of special interest to Debian: > > - Verify the Sarge status of vulnerabilities: > http://idssi.enyo.de/tracker/status/release/oldstable?hide_nodsa=1 > > They are derived from the unstable data and should be checked/verified > if really all of these apply to Sarge. (e.g. sometimes older versions > don't include vulnerable code) > > - In the short/mid-term I'm planning to work on a better QA process with more > external participants. There's a delay of up to a couple of days between > the time, when a package is initially built and the release of the fixed > package. Large installations like Munich could receive the packages prior > to release and provide testing/QA feedback in return. So, participating > in this would be very much appreciated once the infrastructure is in place. > (This would be limited to publicly known vulnerabilities, which is > 80%) > Sounds good. Although we do only use a small subset of the sarge repositories, i can definitely do this. A collaboration would be very worthwile for all parties involved!
Is there already a certain timeframe you are thinking of? Regards, Florian _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
