Debian Security Tools Packaging Team (pkg-security)
Infrastructure
Alioth Project: https://alioth.debian.org/projects/pkg-security
Package tracker team: https://tracker.debian.org/teams/pkg-security/
Git repositories: https://anonscm.debian.org/cgit/?q=pkg-security
- All Debian developers have write access to the git repositories.
Interacting with the team
Mailing list: pkg-security-team@lists.alioth.debian.org (subscription page)
Usual roles
- Raphael Hertzog is project admin on alioth
- Gianfranco Costamagna is project admin on alioth
Task description
Correctly maintain all security-related tools. Merge back tools packaged by security-oriented Debian derivatives.
Get involved
Prepare a patch for a bug on a team-maintained package.
Import a Kali package and clean it up so that we can upload it to Debian.
Package new security-related tools. The Kali bug tracker is full of suggestions, but please package something only if you use the tool or if it provides some interesting features not covered by existing packages.
Packaging rules
Git packaging tool and repository layout
We use git-buildpackage with full sources stored in the repository and with pristine-tar to be able to retrieve the orig tarball out of the git repository. We strive to respect DEP-14 for the repository layout.
You can create a new git repository by logging into git.debian.org and by running /git/pkg-security/setup-repository. Here's an example to create a repository for ssldump:
$ ssh git.debian.org
foo@moszumanska:~$ cd /git/pkg-security/
foo@moszumanska:/git/pkg-security$ ./setup-repository ssldump
The repository's HEAD will point to debian/master, the default packaging branch suggested by DEP-14. The git hooks will send commit emails to the package tracker and will tag any fixed bug as "pending".
For a better experience you might want to set the following options in ~/.gbp.conf:
[DEFAULT]
pristine-tar = True
cleaner = /bin/true

[buildpackage]
sign-tags = True
export-dir = ../build-area/
ignore-branch = True

[import-orig]
filter-pristine-tar = True

[pq]
patch-numbers = False
The "ignore-branch" setting is important so that git-buildpackage doesn't complain about the unexpected name of the packaging branch. The "export-dir" setting ensures builds are done on a separate copy of the sources, which avoids polluting or breaking the git repository with build artifacts.
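To verify that a local ~/.gbp.conf carries the options listed above, the following check can be used; it is an added example, not part of the original page or of the team's tooling. The names check_gbp_conf and RECOMMENDED and the sample configuration are constructed for illustration, and any non-empty export-dir is accepted.

```python
import configparser

# (section, option, expected) as recommended on this page.
# expected=None means "any non-empty value is accepted".
RECOMMENDED = [
    ("DEFAULT", "pristine-tar", True),
    ("DEFAULT", "cleaner", "/bin/true"),
    ("buildpackage", "sign-tags", True),
    ("buildpackage", "export-dir", None),
    ("buildpackage", "ignore-branch", True),
    ("import-orig", "filter-pristine-tar", True),
    ("pq", "patch-numbers", False),
]

# Constructed sample: sign-tags lives in [DEFAULT], several options are missing.
SAMPLE_CONF = """\
[DEFAULT]
pristine-tar = True
sign-tags = True
debian-tag = debian/%(version)s
[buildpackage]
export-dir = ../build-area/
[pq]
patch-numbers = True
"""


def check_gbp_conf(text):
    """Return a list of findings; an empty list means every setting matches."""
    # interpolation=None: values such as debian/%(version)s must stay literal.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    findings = []
    for section, option, expected in RECOMMENDED:
        # [DEFAULT] applies to every section, so an absent section falls back to it.
        scope = parser[section] if parser.has_section(section) else parser["DEFAULT"]
        raw = (scope.get(option) or "").strip()
        if not raw:
            findings.append(f"[{section}] {option}: not set")
            continue
        # Map True/yes/1/on (and their opposites) to booleans; other text stays as-is.
        actual = parser.BOOLEAN_STATES.get(raw.lower(), raw) if isinstance(expected, bool) else raw
        if expected is not None and actual != expected:
            findings.append(f"[{section}] {option}: {raw!r}, expected {expected!r}")
    return findings


if __name__ == "__main__":
    print("\n".join(check_gbp_conf(SAMPLE_CONF)) or "all recommended settings present")
```

On a real system, pass the contents of ~/.gbp.conf to check_gbp_conf instead of the sample string.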
Packaging helper
We use the "dh" command provided by debhelper to ensure we have short but expressive debian/rules files.