Motu application for Emanuele Gentili (emgent)

Emanuele Gentili emgent at ubuntu.com
Wed Jul 9 14:49:28 BST 2008


Michael Bienia ha scritto:

Hello Michael and thanks for your reply.

> As security updates for stable are uploaded through the security team
> and upload right don't help much here (at least for now) my questions
> are about security updates for the development version:
>
> What work is needed there besides pulling the fixes from Debian
> unstable?
>   

Not only from Debian Unstable.
We use track vulnerabilities via CVE [1], and we use analyse it and
write a patch and then talk with upstream for this. If upstream release
patch firt we use test official patch and apply it.

> Do you work with the Debian maintainer on security fixes which aren't
> yet in Debian (to keep the delta small)?
>   
Not always, Debian security team is very restricted, but i usually talk
with DS people on OFTC.

> How do you keep track which packages need fixing in the development
> version?
>   

Ubuntu CVE Tracker [2] and rmadison are our friends.
Also I use audit software and if found bug, I use propose a fix and talk
with upstream. [3]


> Regards
> Michael
>   

Cheers,


[1] http://cve.mitre.org/
     http://nvd.nist.gov/

[2] https://launchpad.net/ubuntu-cve-tracker
[3] https://launchpad.net/~ubuntu-whitehat
     https://wiki.ubuntu.com/UbuntuPentest
     https://wiki.ubuntu.com/UbuntuPentest/GuidelinesDraft

Emanuele

-- 
Emanuele Gentili 	    | Ubuntu Security Team
emgent at ubuntu.com           | https://edge.launchpad.net/~emgent

Key fingerprint: 2D40 5E33 506F 5609 FFCC 215B 10BA 2D1E A667 67F3
gpg --keyserver keyserver.ubuntu.com --recv-keys A66767F3





More information about the Motu-council mailing list