CINXE.COM
Teams/Security - Debian Wiki
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="shortcut icon" href="/htdocs/favicon.ico"> <script type="text/javascript" src="/htdocs/bugstatus.js"></script> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"> <meta name="robots" content="index,nofollow"> <title>Teams/Security - Debian Wiki</title> <script type="text/javascript" src="/htdocs/common/js/common.js"></script> <script type="text/javascript"> <!-- var search_hint = "Search"; //--> </script> <link rel="stylesheet" type="text/css" charset="utf-8" media="all" href="/htdocs/debwiki/css/common.css"> <link rel="stylesheet" type="text/css" charset="utf-8" media="screen" href="/htdocs/debwiki/css/screen.css"> <link rel="stylesheet" type="text/css" charset="utf-8" media="print" href="/htdocs/debwiki/css/print.css"> <link rel="stylesheet" type="text/css" charset="utf-8" media="projection" href="/htdocs/debwiki/css/projection.css"> <link rel="stylesheet" type="text/css" charset="utf-8" media="all" href="/htdocs/debian-wiki-1.0.css"> <!-- css only for MS IE6/IE7 browsers --> <!--[if lt IE 8]> <link rel="stylesheet" type="text/css" charset="utf-8" media="all" href="/htdocs/debwiki/css/msie.css"> <![endif]--> <link rel="alternate" title="Debian Wiki: Teams/Security" href="/Teams/Security?diffs=1&show_att=1&action=rss_rc&unique=0&page=Teams%2FSecurity&ddiffs=1" type="application/rss+xml"> <link rel="Start" href="/FrontPage"> <link rel="Alternate" title="Wiki Markup" href="/Teams/Security?action=raw"> <link rel="Alternate" media="print" title="Print View" href="/Teams/Security?action=print"> <link rel="Up" href="/Teams"> <link rel="Search" href="/FindPage"> <link rel="Index" href="/TitleIndex"> <link rel="Glossary" href="/WordIndex"> <link rel="Help" href="/HelpOnFormatting"> </head> <body lang="en" dir="ltr"> <div id="logo"><a href="https://www.debian.org" title="Debian Homepage"><img src="https://www.debian.org/Pics/openlogo-50.png" alt="Debian" width="50" height="61"></a></div> <div id="header"> <div id="wikisection"> <p class="section"><a href="/FrontPage" title="Debian Wiki Homepage">Wiki</a></p> <div id="username"><a href="/Teams/Security?action=login" id="login" rel="nofollow">Login</a></div> </div> <div id="navbar"> <ul id="navibar"> <li class="wikilink"><a href="/FrontPage">FrontPage</a></li><li class="wikilink"><a href="/RecentChanges">RecentChanges</a></li><li class="wikilink"><a href="/FindPage">FindPage</a></li><li class="wikilink"><a href="/HelpContents">HelpContents</a></li><li class="current"><a href="/Teams/Security">Teams/Security</a></li> </ul> </div> <form id="searchform" method="get" action="/Teams/Security"> <div> <input type="hidden" name="action" value="fullsearch"> <input type="hidden" name="context" value="180"> <label for="searchinput">Search:</label> <input id="searchinput" type="text" name="value" value="" size="20" onfocus="searchFocus(this)" onblur="searchBlur(this)" onkeyup="searchChange(this)" onchange="searchChange(this)" alt="Search"> <input id="titlesearch" name="titlesearch" type="submit" value="Titles" alt="Search Titles"> <input id="fullsearch" name="fullsearch" type="submit" value="Text" alt="Search Full Text"> </div> </form> <script type="text/javascript"> <!--// Initialize search form var f = document.getElementById('searchform'); f.getElementsByTagName('label')[0].style.display = 'none'; var e = document.getElementById('searchinput'); searchChange(e); searchBlur(e); //--> </script> <div id="logo"><a href="https://www.debian.org" title="Debian Homepage"><img src="https://www.debian.org/Pics/openlogo-50.png" alt="Debian" width="50" height="61"></a></div> <div id="breadcrumbs"><a href="/FrontPage" title="Debian Wiki Homepage">Wiki</a><span class="sep">/</span> </div> <ul class="editbar"><li><a href="/Teams/Security?action=login" id="login-1" rel="nofollow">Login</a></li><li class="toggleCommentsButton" style="display:none;"><a href="#" class="nbcomment" onClick="toggleComments();return false;">Comments</a></li><li><a class="nbinfo" href="/Teams/Security?action=info" rel="nofollow">Info</a></li><li><a class="nbattachments" href="/Teams/Security?action=AttachFile" rel="nofollow">Attachments</a></li><li> <form class="actionsmenu" method="GET" action="/Teams/Security"> <div> <label>More Actions:</label> <select name="action" onchange="if ((this.selectedIndex != 0) && (this.options[this.selectedIndex].disabled == false)) { this.form.submit(); } this.selectedIndex = 0;"> <option value="raw">Raw Text</option> <option value="print">Print View</option> <option value="RenderAsDocbook">Render as Docbook</option> <option value="refresh">Delete Cache</option> <option value="show" disabled class="disabled">------------------------</option> <option value="SpellCheck">Check Spelling</option> <option value="LikePages">Like Pages</option> <option value="LocalSiteMap">Local Site Map</option> <option value="show" disabled class="disabled">------------------------</option> <option value="RenamePage" disabled class="disabled">Rename Page</option> <option value="DeletePage" disabled class="disabled">Delete Page</option> <option value="show" disabled class="disabled">------------------------</option> <option value="show" disabled class="disabled">Subscribe User</option> <option value="show" disabled class="disabled">------------------------</option> <option value="show" disabled class="disabled">Remove Spam</option> <option value="show" disabled class="disabled">Revert to this revision</option> <option value="PackagePages">Package Pages</option> <option value="show" disabled class="disabled">------------------------</option> <option value="Load">Load</option> <option value="Save">Save</option> <option value="SlideShow">SlideShow</option> </select> <input type="submit" value="Do"> </div> <script type="text/javascript"> <!--// Init menu actionsMenuInit('More Actions:'); //--> </script> </form> </li></ul> <h1 id="locationline"> <ul id="pagelocation"> <li><a href="/Teams">Teams</a></li><li><a href="/Teams/Security">Security</a></li> </ul> </h1> </div> <div id="page" lang="en" dir="ltr"> <div dir="ltr" id="content" lang="en"><span class="anchor" id="top"></span> <span class="anchor" id="line-1"></span><p class="line867"> <h1 id="Debian_Security_Team">Debian Security Team</h1> <span class="anchor" id="line-2"></span><span class="anchor" id="line-3"></span><p class="line867"> <h2 id="Infrastructure">Infrastructure</h2> <span class="anchor" id="line-4"></span><span class="anchor" id="line-5"></span><ul><li><p class="line891"><strong>Website</strong>: <a class="https" href="https://www.debian.org/security/">https://www.debian.org/security/</a> <span class="anchor" id="line-6"></span></li><li><p class="line891"><strong>Documentation</strong>: <span class="anchor" id="line-7"></span><ul><li><p class="line891"><a href="/DebianSecurity">DebianSecurity</a> <span class="anchor" id="line-8"></span></li><li><p class="line891"><a href="/DebianSecurity/AdvisoryCreation">DebianSecurity/AdvisoryCreation</a> <span class="anchor" id="line-9"></span></li><li><p class="line891"><a class="https" href="https://security-team.debian.org/">https://security-team.debian.org/</a> <span class="anchor" id="line-10"></span></li></ul></li><li><p class="line891"><strong>Unix groups</strong>: security, sec_public, sec_embargo, sectracker <span class="anchor" id="line-11"></span><span class="anchor" id="line-12"></span></li></ul><p class="line867"> <h2 id="Interacting_with_the_team">Interacting with the team</h2> <span class="anchor" id="line-13"></span><span class="anchor" id="line-14"></span><ul><li><p class="line891"><strong>Read the FAQ first</strong>: <a class="https" href="https://www.debian.org/security/faq">https://www.debian.org/security/faq</a> <span class="anchor" id="line-15"></span></li><li><p class="line891"><strong>Developer's reference</strong>: <a class="https" href="https://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security">Dealing with a security issue in your package</a>. <span class="anchor" id="line-16"></span></li><li><p class="line891"><strong>Email contact</strong>: <a class="mailto" href="mailto:team@security.debian.org">team@security.debian.org</a> (== <a class="mailto" href="mailto:security@debian.org">security@debian.org</a>) <span class="anchor" id="line-17"></span></li><li><p class="line891"><strong>Public IRC channel</strong>: <a class="ircs" href="ircs://irc.oftc.net/debian-security">#debian-security on OFTC</a> (<a class="https" href="https://webchat.oftc.net/?channels=debian-security">webchat</a>) <span class="anchor" id="line-18"></span></li><li><p class="line891"><strong>Reporting a bug tagged "security"</strong> <span class="anchor" id="line-19"></span><span class="anchor" id="line-20"></span></li></ul><p class="line867"> <h2 id="Usual_roles">Usual roles</h2> <span class="anchor" id="line-21"></span><span class="anchor" id="line-22"></span><p class="line862">See list of members here: <a class="https" href="https://www.debian.org/intro/organization#security">https://www.debian.org/intro/organization#security</a> <span class="anchor" id="line-23"></span><span class="anchor" id="line-24"></span><p class="line874">The normal procedure is that some member of the team claims a reported issue and takes it from there until the advisory is fully released. <span class="anchor" id="line-25"></span><span class="anchor" id="line-26"></span><p class="line874">Next to the "full members" (part of the 'security' group), the team also has "assistants" (only in the sec_embargo group). This last role is usually for new members of the team. An assistant can read almost all data that the full members can, and construct a full advisory, but not actually install the updated packages into the archive. A full member will review the assistant's work and release it. <span class="anchor" id="line-27"></span><span class="anchor" id="line-28"></span><p class="line867"> <h2 id="Task_description">Task description</h2> <span class="anchor" id="line-29"></span><span class="anchor" id="line-30"></span><p class="line874">The security team evaluates security threats, and produces updated packages for our stable and old-stable releases, and release these packages through security.debian.org together with an advisory mail. <span class="anchor" id="line-31"></span><span class="anchor" id="line-32"></span><p class="line874">The preferred situation is that the regular maintainer of an affected package (who is most familiar with its ins and outs) prepares updated packages or a ready to use patch which, after approval, will be uploaded to security-master. If the regular maintainer can't or won't provide updates (in time), the security team will take the task of creating the updated packages. <span class="anchor" id="line-33"></span><span class="anchor" id="line-34"></span><p class="line874">Security for testing and unstable is not officially guaranteed, but the team tracks those distributions as well in the security tracker. A number of regular volunteers outside of the team help with triaging issues on the security tracker. <span class="anchor" id="line-35"></span><span class="anchor" id="line-36"></span><p class="line867"> <h2 id="More_stuff">More stuff</h2> <span class="anchor" id="line-37"></span><span class="anchor" id="line-38"></span><ul><li><p class="line891"><a class="https" href="https://security-tracker.debian.org/tracker/">https://security-tracker.debian.org/tracker/</a> <span class="anchor" id="line-39"></span></li><li><p class="line891"><a class="https" href="https://security-team.debian.org/security_tracker.html">https://security-team.debian.org/security_tracker.html</a> <span class="anchor" id="line-40"></span></li></ul><span class="anchor" id="bottom"></span></div><div id="pagebottom"></div> </div> <div id="footer"> <p id="pageinfo" class="info" lang="en" dir="ltr">Teams/Security (<a class="nbinfo" href="/Teams/Security?action=info" rel="nofollow">last modified 2022-11-03 03:57:30</a>)</p> <ul id="credits"> <li>Debian <a href="https://www.debian.org/legal/privacy">privacy policy</a>, Wiki <a href="/Teams/DebianWiki">team</a>, <a href="https://bugs.debian.org/wiki.debian.org">bugs</a> and <a href="https://salsa.debian.org/debian/wiki.debian.org">config</a>.</li><li>Powered by <a href="https://moinmo.in/" title="This site uses the MoinMoin Wiki software.">MoinMoin</a> and <a href="https://moinmo.in/Python" title="MoinMoin is written in Python.">Python</a>, with hosting provided by <a href="https://www.man-da.de/">Metropolitan Area Network Darmstadt</a>.</li> </ul> </div> </body> </html>