Size: 2366
Comment: make link to members direct
|
← Revision 17 as of 2022-11-03 03:57:30 ⇥
Size: 2466
Comment: cleanup
|
Line 4: | Line 4: |
Line 8: | Line 9: |
* https://security-team.debian.org/ | |
Line 9: | Line 11: |
Line 10: | Line 13: |
Line 13: | Line 17: |
* '''Public IRC channel''': [[irc://irc.debian.org/debian-security|#debian-security]] | * '''Public IRC channel''': [[ircs://irc.oftc.net/debian-security|#debian-security on OFTC]] ([[https://webchat.oftc.net/?channels=debian-security|webchat]]) |
Line 15: | Line 19: |
Line 16: | Line 21: |
. See list of members here: https://www.debian.org/intro/organization#security | See list of members here: https://www.debian.org/intro/organization#security |
Line 31: | Line 37: |
Some brief links: | |
Line 34: | Line 39: |
* http://security-team.debian.org/security_tracker.html | * https://security-team.debian.org/security_tracker.html |
Debian Security Team
Infrastructure
Website: https://www.debian.org/security/
Documentation:
Unix groups: security, sec_public, sec_embargo, sectracker
Interacting with the team
Read the FAQ first: https://www.debian.org/security/faq
Developer's reference: Dealing with a security issue in your package.
Email contact: team@security.debian.org (== security@debian.org)
Public IRC channel: #debian-security on OFTC (webchat)
Reporting a bug tagged "security"
Usual roles
See list of members here: https://www.debian.org/intro/organization#security
The normal procedure is that some member of the team claims a reported issue and takes it from there until the advisory is fully released.
Next to the "full members" (part of the 'security' group), the team also has "assistants" (only in the sec_embargo group). This last role is usually for new members of the team. An assistant can read almost all data that the full members can, and construct a full advisory, but not actually install the updated packages into the archive. A full member will review the assistant's work and release it.
Task description
The security team evaluates security threats, produces updated packages for our stable and old-stable releases, and releases these packages through security.debian.org together with an advisory mail.
The preferred situation is that the regular maintainer of an affected package (who is most familiar with its ins and outs) prepares updated packages or a ready-to-use patch which, after approval, will be uploaded to security-master. If the regular maintainer can't or won't provide updates (in time), the security team will take on the task of creating the updated packages.
Security for testing and unstable is not officially guaranteed, but the team tracks those distributions as well in the security tracker. A number of regular volunteers outside of the team help with triaging issues on the security tracker.