From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001
From: Nicolas Vigier <boklm@mageia.org>
Date: Sun, 14 Apr 2013 13:46:12 +0000
Subject: Add zarb MLs html archives

---
 zarb-ml/mageia-dev/20110415/004003.html | 109 ++++++++++++++++++++++++++++++++
 1 file changed, 109 insertions(+)
 create mode 100644 zarb-ml/mageia-dev/20110415/004003.html

(limited to 'zarb-ml/mageia-dev/20110415/004003.html')

diff --git a/zarb-ml/mageia-dev/20110415/004003.html b/zarb-ml/mageia-dev/20110415/004003.html
new file mode 100644
index 000000000..e2327e5f7
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110415/004003.html
@@ -0,0 +1,109 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+   <TITLE> [Mageia-dev] Meeting for secteam start
+   </TITLE>
+   <LINK REL="Index" HREF="index.html" >
+   <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Meeting%20for%20secteam%20start&In-Reply-To=%3CBANLkTikVjxTGZrHrvXS42Zusvyb0_-2v3Q%40mail.gmail.com%3E">
+   <META NAME="robots" CONTENT="index,nofollow">
+   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+   <LINK REL="Previous"  HREF="003999.html">
+   <LINK REL="Next"  HREF="004004.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+   <H1>[Mageia-dev] Meeting for secteam start</H1>
+    <B>Pascal Terjan</B> 
+    <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Meeting%20for%20secteam%20start&In-Reply-To=%3CBANLkTikVjxTGZrHrvXS42Zusvyb0_-2v3Q%40mail.gmail.com%3E"
+       TITLE="[Mageia-dev] Meeting for secteam start">pterjan at gmail.com
+       </A><BR>
+    <I>Fri Apr 15 18:16:43 CEST 2011</I>
+    <P><UL>
+        <LI>Previous message: <A HREF="003999.html">[Mageia-dev] Meeting for secteam start
+</A></li>
+        <LI>Next message: <A HREF="004004.html">[Mageia-dev] Meeting for secteam start
+</A></li>
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#4003">[ date ]</a>
+              <a href="thread.html#4003">[ thread ]</a>
+              <a href="subject.html#4003">[ subject ]</a>
+              <a href="author.html#4003">[ author ]</a>
+         </LI>
+       </UL>
+    <HR>  
+<!--beginarticle-->
+<PRE>On Fri, Apr 15, 2011 at 13:35, Stew Benedict &lt;<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">stewbintn at gmail.com</A>&gt; wrote:
+&gt;<i> Sorry if I break the thread, just signed back up to the list.
+</I>&gt;<i> Just to kick things off for secteam, I thought I'd list the process as I
+</I>&gt;<i> remember it from when I worked with Vincent for a couple of years.
+</I>&gt;<i> Not to say Mageia needs to follow any of this, and as we're a volunteer
+</I>&gt;<i> organization, I suspect things will be structured a bit differently from
+</I>&gt;<i> a staffing POV than &quot;2 guys mostly dedicated to updates&quot;
+</I>&gt;<i>
+</I>&gt;<i> Old Process:
+</I>&gt;<i>
+</I>&gt;<i> * monitor vendor-sec, discuss vulns, patches, negotiate release schedule,
+</I>&gt;<i> &#160; also watch other distro updates, for things we may have missed
+</I>
+I think we need to add them to a list at that point (some tickets somewhere)
+
+&gt;<i> * check our srpm database (Vincent later reworked this) for all the
+</I>&gt;<i> places the affected source code
+</I>&gt;<i> &#160; may be buried (many packages embed copies of other source)
+</I>
+And add that info in the tickets as a list of needed actions, or maybe
+have some blocking tickets
+
+&gt;<i> * apply/adapt patches for all supported releases/architectures (may have
+</I>&gt;<i> been published on vendor-sec,
+</I>&gt;<i> &#160; or from another distro package, or extracted from upstream)
+</I>&gt;<i>
+</I>&gt;<i> &#160; ** when we we supporting several releases, with Enterprise stuff
+</I>&gt;<i> being quite old, reworking the patches at times was difficult
+</I>&gt;<i> &#160; ** policy changed over time and these days many things bump up to a
+</I>&gt;<i> new release, rather than patching
+</I>&gt;<i>
+</I>&gt;<i> * build in chroot to preserve the original build env (moved to iurt
+</I>&gt;<i> around the time I left)
+</I>&gt;<i>
+</I>&gt;<i> &#160; ** if we had trouble building the package, contact the maintainer for
+</I>&gt;<i> help
+</I>&gt;<i>
+</I>&gt;<i> * acquire or write a POC (proof of concept) to test that the vuln is
+</I>&gt;<i> corrected, if not, re-patch/re-test
+</I>&gt;<i>
+</I>&gt;<i> * test the app for basic functionality, that we haven't introduced
+</I>&gt;<i> regressions
+</I>&gt;<i>
+</I>&gt;<i> &#160; ** bugfix updates went to QA for testing, this was a big
+</I>&gt;<i> blocker/delay at times
+</I>&gt;<i>
+</I>&gt;<i> * write advisory text (usually copied from the CVE if there is one, or
+</I>&gt;<i> bugzilla from a bugfix)
+</I>&gt;<i>
+</I>&gt;<i> * upload packages to main mirror, wait a few hours and release the
+</I>&gt;<i> announcement (we had several scripts
+</I>&gt;<i> &#160; that facilitated getting packages in the right place, signing them,
+</I>&gt;<i> uploading, etc.)
+</I></PRE>
+
+
+<!--endarticle-->
+    <HR>
+    <P><UL>
+        <!--threads-->
+	<LI>Previous message: <A HREF="003999.html">[Mageia-dev] Meeting for secteam start
+</A></li>
+	<LI>Next message: <A HREF="004004.html">[Mageia-dev] Meeting for secteam start
+</A></li>
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#4003">[ date ]</a>
+              <a href="thread.html#4003">[ thread ]</a>
+              <a href="subject.html#4003">[ subject ]</a>
+              <a href="author.html#4003">[ author ]</a>
+         </LI>
+       </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
-- 
cgit v1.2.1