Debian Testing Looking for Security Staff

As Nico Golde from the Testing Security Team writes in a message posted on a mailing list, currently just one or two developers are keeping an eye on security in the testing branch. The situation has become more aggravated because one of the team members has been hit by a computer defect.

The Testing Security team aims to achieve a reasonable measure of security for all users who declined the "testing" branch of the Debian distribution on their computers. Typical users include developers who prefer more recent software, but also end users.

Golde emphasizes bent you do not need to be a registered Debian developer to help the security team. The only basic requirements are some working knowledge of security mechanisms and vulnerabilities, familiarity with the Subversion version control system and of course enough time. A security issue occurs every two to three days. In order to find the vulnerability of team traces new input in the CVE Security directory and in Debian’s Bugtracker. The Debian Security Tracker is used to trace vulnerabilities. An introduction to this tool is provided by the "Narrative Introduction" in the Subversion repository.

If you also have programming experience and know-how to build Debian packages, your contribution will definitely be welcome: after all, the Security team creates updated packages with fixes for vulnerabilities.

If you fulfill at least some of these requirements and are interested in an interesting task, you can contact the Testing Security Team via its mailing list. As an alternative contact you can also use the IRC channel "#debian-security" on irc.oftc.net.