Bits from the Security Team

• We get tons of spam. If your issue isn't replied to at least once wait a day and resend.
• Frequently advisories are delayed because our buildd machines are broken. We can't fix them.
• People reporting bugs with the 'security' tag help us.
• People reporting bugs with patches help us more.
• People reporting bugs with patches and pointers to fixed packages they have build help us best.
• I like pies.

I am happy to look over patches, built packages, and generally encourage people to be involved. Our team isn't huge but historically we've only added people who've done a fair bit of work first. That is both good and bad.

I could write more, and probably should, but I'll stop there for now because I'm frustrated by the HPPA build machine. Again.

ObRelated: Moritz is trying to get the archive rebuilt with security features from our compilers (eg. -fstack-protector) included. This would be a fantastic achievement. People interested in tested kernel patches, donating buildd machines, etc, etc should give him a ping.

Tags: debian, dsa, hardening, pies, security team | No comments