On Mi, 2005-12-07 at 08:22 +0100, Daniel Holbach wrote: > Am Mittwoch, den 07.12.2005, 07:51 +0100 schrieb Shot - Piotr > Szotkowski: > > What is the proper way to file security-related bugs on universe > > packages? I filed #5297 (recent Trac vulnerabilities fixed in Debian) > > on December 2nd, and I see Daniel Holbach assigned the bug the next day, > > but now I'm wondering whether I can do anything more about it or will > > the bug get it's share of security love in due time. > > thanks for taking so much care of this and posting it to the list, you > clearly identified a bug in our processes.
Well, there is in fact a process of bringing security updates to breezy-security/universe. It is the UDU Spec UniverseSecurity [1]. The procedure is described here at [2], which covers BOTH main and universe. [1] https://wiki.ubuntu.com/UniverseSecurity [2] https://wiki.ubuntu.com/SecurityUpdateProcedures > What do you all think about forming a security team? As I envision it, > its members wouldn't have to be security experts per se, but get working > on those issues as soon as they happen. Often enough Debian and/or > Upstream are quick enough to fix it and we just have to make sure, we > follow up. > > I'd highly appreciate it, if a lot of us would volunteer for this. > Opinions? Who starts the team? In fact, we already have a universe-security team, but there is not much action happening there. The main reasons seems to lack of time. I'm quite busy with doing my regular MOTU stuff, but I'm submitting some packages there from time to time. I'm not sure if there is an canonical list of members in universe-security. We should perhaps create a launchpad group for that. -- Reinhard Tartler <[EMAIL PROTECTED]>
signature.asc
Description: This is a digitally signed message part
-- Ubuntu-motu mailing list [email protected] http://lists.ubuntu.com/mailman/listinfo/ubuntu-motu
