dc9 - 0.5

DebConf9

Speakers
Micah Anderson
Schedule
Day DebConf day 6 (2009-07-29)
Room BOF room - no video
Start time 16:00
Duration 01:00
Info
ID 521
Event type bof
Track DebConf Unofficial
Language en
Feedback

Security BOF

This is a discussion amongst the involved security people at Debconf. It is not a presentation, but rather a work group discussion. The focus will be around improving the existing security work in Debian.

This BOF will discuss things such as the following:

  • more members for testing-security, how do we get new people in? I think we have becoming pretty good in maintaing the tracker recently but we really lack of people who also fix bugs and write patches

  • testing migration, almost no one cares about testing migration at the moment which is one of the reasons we don't have security support for testing at the moment

  • testing security support, what needs to be done and how can we solve the current problems.

  • Debian as a CNA, while we can assign CVE ids the current workflow is far from perfect, we have large delays sometimes getting CVE ids and I think binding this to one person is a rather bad idea.

  • how to push for enabling more hardening compile options in squeeze

  • moving infrastructure to the new KVM instance (currently the testing-security infrastructure is spread over three non debian.org hosts)

  • tracking of packages that got into testing/unstable from proposed upgrades (and how to detect if the maintainer uploads a vulnerable version again)