home of the madduck/ blog/
Oldenburg security summit

After many painful attempts to organise a security meeting since Debconf5, locking the important players into a room until Debian security issues would all be addressed and solved, it seems that I did succeed at getting the ball rolling. Wiggy's suggestion to make the meeting happen at Oldenburg and thus saving time for Joey and enabling him to attend was fruitful: the Oldenburg Security Summit took place today. Unfortunately, I could not attend, but then I am not an active security contributor these days anyway.

Several members of the testing security and Ubuntu security team met with Joey, Branden, and several other interested parties and discussed a number of pressing issues. Minutes will be made available soon. Based on this meeting, we can probably expect followups on IRC (#debian-security/irc.oftc.net), and hopefully, Debian will soon be in control of the security situation again -- better than ever before thanks to a possible integration of the various teams.

Uh, but I am not here to speculate. Nevertheless, it's good to see some first steps in the right direction, which right now seems to be the consolidation of the existing security team, and the formalisation of the processes to make it easier for others to contribute on non-embargoed issues.

In the mean time, the Neptun project, as well as the IT support group of the Department of Information Technology and Electrical Engineering, both at the ETH Zurich, have announced their financial support of at least 5,000 CHF (\~ 2750€), very possibly twice that or even more, to cover for travel expenses for the attendees of the security summit, and possible future meetings. As soon as the formalities are taken care of, I shall make an official announcement about the funding. Cool! Thanks a lot, ETH!