Bug#648595: marked as done (broken links under www.d.o/security/audit/)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sat, 19 Nov 2011 19:42:42 +0100
with message-id <201111191942.43833.thijs@debian.org>
and subject line Re: Bug#648595: broken links under www.d.o/security/audit/
has caused the Debian Bug report #648595,
regarding broken links under www.d.o/security/audit/
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
648595: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648595
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: bts <submit@bugs.debian.org>
• Subject: broken links under www.d.o/security/audit/
• From: Paul Wise <pabs@debian.org>
• Date: Sun, 13 Nov 2011 16:59:19 +0800
• Message-id: <[🔎] 1321174759.3952.69.camel@chianamo>

Package: www.debian.org
Severity: normal
X-Debbugs-CC: debian-security@lists.debian.org

These two links are referenced by the Debian security audit pages but
the domain has been taken by squatters. Could someone from the security
team suggest the correct course of action here? Does the security team
generate a list of all setuid/setgid executables in Debian? There does
not appear to be a replacement for the debian-audit list, should mails
about that be directed to debian-security?

http://shellcode.org/Setuid/
http://shellcode.org/mailman/listinfo/debian-audit

-- 
bye,
pabs

http://wiki.debian.org/PaulWise

Attachment: signature.asc
Description: This is a digitally signed message part

--- End Message ---

--- Begin Message ---

• To: 648595-done@bugs.debian.org
• Cc: debian-security@lists.debian.org, Paul Wise <pabs@debian.org>
• Subject: Re: Bug#648595: broken links under www.d.o/security/audit/
• From: Thijs Kinkhorst <thijs@debian.org>
• Date: Sat, 19 Nov 2011 19:42:42 +0100
• Message-id: <201111191942.43833.thijs@debian.org>
• In-reply-to: <[🔎] 1321174759.3952.69.camel@chianamo>
• References: <[🔎] 1321174759.3952.69.camel@chianamo>

Hi Paul,

Op zondag 13 november 2011 09:59:19 schreef Paul Wise:
> Package: www.debian.org
> Severity: normal
> X-Debbugs-CC: debian-security@lists.debian.org
> 
> These two links are referenced by the Debian security audit pages but
> the domain has been taken by squatters. Could someone from the security
> team suggest the correct course of action here? Does the security team
> generate a list of all setuid/setgid executables in Debian? There does
> not appear to be a replacement for the debian-audit list, should mails
> about that be directed to debian-security?
> 
> http://shellcode.org/Setuid/
> http://shellcode.org/mailman/listinfo/debian-audit

Thanks for checking this with us. The Debian Security Audit Project has been 
inactive for a long time now.

I see the mentioned links have been removed by jfs already. The current 
solution seems OK: point interested people to the debian-security list and 
reference Lintian for setuid binaries in the archive. That's all we have now, 
so I think no further action is necessary on this. If the audit team is 
revived they can always further improve their pages or add new links.


Thijs

--- End Message ---