Security Team BoF 20130813

---
Attendees

helmut
Y Plentyn
federico3
Luciano
Rhonda
Eva
jcristau
carnil
---

Topics

Workflow (done)
Lack of documentation
Lack of communication
Organization of the team (done)
Team growth (done)

Organization
 - Members of the security-testing alioth project, the "tracker"
 - Members of the private list
 - "core?" Members

Workflow
''''''''
https://wiki.debian.org/DebianSecurity/

embargo?
oss-security@lists.openwall.com - public list for requesting CVE identifiers for issues that are already public
NFU

things that you can do with your grants
'''''''''''''''''''
1. contribute in the security-testing alioth
 1.1 submit bugs
 1.2 patches
 1.3 NMU
 1.4 embedded-copies
 1.5 take from dsa-needed and propose a text
2. assistant
3. member

---- Lack of communication 
secure-testing-team@lists.alioth.debian.org
If you need to contact the team, write to security@rt.debian.org with (incoming)
https://wiki.debian.org/rt.debian.org#Security_Team
- ways to improve the bus factor?
debian-security@lists.debian.org: what is it for?

---- Documentation
Task description missing
linking documentation
http://anonscm.debian.org/viewvc/secure-testing/doc/narrative_introduction
https://wiki.debian.org/rt.debian.org
https://wiki.debian.org/Teams/Security

Security Advisory Creation:
https://wiki.debian.org/DebianSecurity/AdvisoryCreation <-- how to contribute preparing advisories.

To look for obvious embedded copies of scripts in binary packages, you can quickly check http://dedup.debian.net/