On Tue, Nov 06 2018, Paul Wise wrote: > On Mon, Nov 5, 2018 at 10:29 PM John Goerzen wrote: > >> Hi folks, > > FTR, in case you were trying to contact the Debian Security Team > directly I suggest using secur...@debian.org or > t...@security.debian.org instead, debian-security is more of a general > security discussion list than a Debian Security Team list.
Hi Paul, Thanks - I did intend it to go here, understanding that difference; I had no particular reason to make it more private. [ snips ] > Personally, I think running debsecan, looking at each item, pinging > bug reports and maintainers, doing stable updates and unstable NMUs, > pushing patches upstream etc would be a great help. That is good advice, thanks. I've been a DD for a long while, but it's been awhile (years) since I've been involved in the security process and wasn't quite sure what the flow was anymore. > Also, debsecan itself could use a lot of help, the maintenance of it > and addition of new features currently falls on already-busy security > team folks. > > In addition some more automation of ingestion of security info into > the security tracker would free up security team time that is > currently spent on manually updating the security-tracker data. What kind of automated sources are you talking about here? Where do I find the source that might be relevant? I might be able to pitch in here. Thanks again, John
