Team Name

Debian Security Team

Infrastructure

Interacting with the team

Usual roles

The normal procedure is that some member of the team claims a reported issue (mostly through RT) and takes it from there until the advisory is fully released.

Next to the "full members" (part of the 'security' and 'sec_data' groups), the team also has "secretaries" (only in the sec_data group). This role is usually for a new member of the team. A secretary can read all data that the full members can, and hence construct a full advisory, but not actually install the updated packages into the archive. A full member will review the secretary's work and release it.

Task description

The security team evaluates security threats, produces updated packages for our stable and old-stable releases, and releases these packages through security.debian.org together with an advisory mail.

The preferred situation is that the regular maintainer of an affected package (who is most familiar with its ins and outs) prepares updated packages or a ready-to-use patch which, after approval, will be uploaded to security-master. If the regular maintainer can't or won't provide updates (in time), the security team will take on the task of creating the updated packages.

More stuff

Some brief links: