= Debian Security Teams Meeting 2008 =

 Date:: 2008-11-28 - 2008-11-30
 Location:: [[http://www.linux-hotel.de/|Linux-Hotel]], Essen, Germany
 Sponsoring:: Approval of DPL (travel, accommodation via [[http://www.spi-inc.org/|SPI]], Debian-UK and [[http://www.ffis.de/|ffis e.V.]])

== Agenda ==

 * Improve cooperation
 * Infrastructure Improvements / Problems
   * Fewer split groups / dak in all groups / everything in /org/security.d.o read/writeable by dak. (Put other stuff in an extra place?!) The current setup is hard to work in as ftpmaster.
 * Team members
 * Security support of Debian Releases
 * Organisation of work, ticket management, systematic stable-security triage instead of the current chaos
 * Discuss potential LTS support for Lenny (funding, organisational issues)
 * Beta test infrastructure
 * Security support for backports.org
 * Automated generation of webwml for DSAs
 * Handling of Downloader packages in the Tracker (like flashplugin-nonfree)
 * Better support for marking non-issues as non-issues (new tag or something similar?)
 * Drop Sarge from the Security Tracker
 * The Mozilla situation
 * Procedures of processing individual mails to team@ and vendor-sec@ emails
 * Sec_public for stable updates
 * Security hardening of the archive

== Attendees ==

Pairs refer to shared rooms.

 * Florian Weimer, Moritz Mühlenhoff
 * Steffen Joeris, Nico Golde
 * Thijs Kinkhorst, Stefan Fritsch
 * Martin Schulze, Gerfried Fuchs

NB: We'll get two 3-bed rooms, so a re-shuffle needs to be done later.

== Notes ==

Infrastructure changes/improvements

 * We need to handle incoming issues in a more structured way, and use RT for that.
 * From RT we need to have regular status updates via email.
 * Instruct maintainers how to report issues and updates to us.
 * Email people about their packages' issues from the tracker data
 * Add a ''confirmed'' state to the tracker for this
 * Build log signing costs a lot of (waiting) time. Can this perhaps be done automatically?
 * There's a patchset for RT that allows using it more like a mail client

Group divisions

 * The difference between secretary and full member doesn't need to be enforced
 * It's good to keep the distinction between (un)embargoed
 * Inactive members should be removed in some way

Ideas for DAK improvements

 * Disallow releasing multi-package DSAs unless forced
 * DSA-nnnn-1 and DSA-nnnn shouldn't be accepted. Should be unified.
 * Uploads to *-security to ftp-master should be rejected. This is being worked on.
 * Changes to the templates

== Summary ==

== Log ==

{{{
}}}