Bug#1040914: dev-ref: update best practices around security (Re: Securing Debian Manual too old?)

2023-07-12 Thread Holger Levsen
package: developers-reference
x-debbugs-cc: debian-secur...@lists.debian.org

hi,

On Tue, Jul 11, 2023 at 10:46:20PM +0200, Moritz Mühlenhoff wrote:
> > I found the Securing Debian Manual
> > (https://www.debian.org/doc/manuals/securing-debian-manual/index.en.html).
> > This version is from 2017.
> 
> This document is in fact too outdated and not in a shape we should
> prominently present it on the Debian website, thanks for flagging it.
> It even predates systemd and makes no mention of it at all...
> 
> Can you please "reportbug www.debian.org" asking to remove it from the
> website?

https://www.debian.org/doc/manuals/developers-reference/best-pkging-practices.en.html#best-practices-around-security

currently contains this text:



Best practices around security


A set of suggestions and links to other reference documents around
security aspects for packaging can be found at the `Developer's Best
Practices for OS Security chapter inside the Securing Debian Manual
`__.



and I'm unsure what to do now, as I'd like to keep the anchor and chapter, so
just dropping this would be wrong. Help welcome.

> It's also packaged as src:harden-doc and will probably stick around in
> case someone wants to improve it going forward.

I'm not even sure this is useful to keep around. :/


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Just today, over 800 women will have died due to preventable pregnancy and
birth complications, over 130 due to femicide.
https://www.who.int/news-room/fact-sheets/detail/maternal-mortality
https://en.wikipedia.org/wiki/Femicide#Worldwide




Bug#922674: debian-policy: make symlink requirements consistent

2023-07-12 Thread sothrt+f20muazw5tue8
Package: debian-policy
Followup-For: Bug #922674

Dear Maintainer,

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039979 has come up as
something to consider regarding this related change in Debian Policy.

In that context, I'd advocate for permitting '..' in symlinks, even if only as 
an exception for those specific paths to enable safer working with chroots.
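The chroot point made in the message above can be seen directly with a small script. This is an added example, not code from either bug report or from Debian Policy: it builds a constructed fake chroot tree in a temporary directory, creates one symlink with an absolute target and one with a relative target using `..`, and resolves both from the host side, the way a packaging or forensics tool working on a mounted chroot would. The helper `stays_inside` is an assumed confinement check that reports whether a resolved target still lies under the chroot root; the directory layout and file names are constructed for the demonstration.

```python
import os
import tempfile


def build_tree(root: str) -> None:
    """Populate a constructed chroot: /etc/pkg.conf plus two doc symlinks to it."""
    os.makedirs(os.path.join(root, "etc"))
    link_dir = os.path.join(root, "usr", "share", "doc", "pkg")
    os.makedirs(link_dir)
    with open(os.path.join(root, "etc", "pkg.conf"), "w") as fh:
        fh.write("config that lives inside the chroot\n")
    # Absolute target: only correct when the process's / *is* this chroot.
    os.symlink("/etc/pkg.conf", os.path.join(link_dir, "conf-abs"))
    # Relative target with '..': walks up pkg/doc/share/usr to the chroot root,
    # so it resolves correctly both inside and outside the chroot.
    os.symlink("../../../../etc/pkg.conf", os.path.join(link_dir, "conf-rel"))


def resolve_from_host(root: str, link_name: str) -> str:
    """Resolve a doc symlink the way a host-side tool (not chrooted) sees it."""
    return os.path.realpath(os.path.join(root, "usr", "share", "doc", "pkg", link_name))


def stays_inside(root: str, resolved: str) -> bool:
    """Confinement check (assumed helper): is the resolved path under root?"""
    real_root = os.path.realpath(root)
    return os.path.commonpath([real_root, resolved]) == real_root


def demo() -> dict:
    """Build the tree, resolve both links from the host side, report the outcome."""
    with tempfile.TemporaryDirectory() as root:
        build_tree(root)
        abs_target = resolve_from_host(root, "conf-abs")
        rel_target = resolve_from_host(root, "conf-rel")
        return {
            # The absolute link now points at the *host's* /etc/pkg.conf:
            # it has escaped the chroot, and may not even exist there.
            "abs_inside": stays_inside(root, abs_target),
            # The '..' link still lands on the copy inside the chroot.
            "rel_inside": stays_inside(root, rel_target),
            "rel_readable": os.path.exists(rel_target),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it without any privileges; no real `chroot(2)` call is needed, because the point is how the two link forms behave when the tree is accessed from outside. A host-side tool that follows `conf-abs` ends up reading (or writing) the host's own `/etc/pkg.conf`, which is exactly the class of surprise a confinement check like `stays_inside` is meant to catch before trusting a path taken from an untrusted or foreign filesystem tree.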