Your message dated Sat, 19 Nov 2011 19:42:42 +0100 with message-id <201111191942.43833.thijs@debian.org> and subject line Re: Bug#648595: broken links under www.d.o/security/audit/ has caused the Debian Bug report #648595, regarding broken links under www.d.o/security/audit/ to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 648595: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648595 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: bts <submit@bugs.debian.org>
- Subject: broken links under www.d.o/security/audit/
- From: Paul Wise <pabs@debian.org>
- Date: Sun, 13 Nov 2011 16:59:19 +0800
- Message-id: <[🔎] 1321174759.3952.69.camel@chianamo>
Package: www.debian.org Severity: normal X-Debbugs-CC: debian-security@lists.debian.org These two links are referenced by the Debian security audit pages but the domain has been taken by squatters. Could someone from the security team suggest the correct course of action here? Does the security team generate a list of all setuid/setgid executables in Debian? There does not appear to be a replacement for the debian-audit list, should mails about that be directed to debian-security? http://shellcode.org/Setuid/ http://shellcode.org/mailman/listinfo/debian-audit -- bye, pabs http://wiki.debian.org/PaulWiseAttachment: signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
- To: 648595-done@bugs.debian.org
- Cc: debian-security@lists.debian.org, Paul Wise <pabs@debian.org>
- Subject: Re: Bug#648595: broken links under www.d.o/security/audit/
- From: Thijs Kinkhorst <thijs@debian.org>
- Date: Sat, 19 Nov 2011 19:42:42 +0100
- Message-id: <201111191942.43833.thijs@debian.org>
- In-reply-to: <[🔎] 1321174759.3952.69.camel@chianamo>
- References: <[🔎] 1321174759.3952.69.camel@chianamo>
Hi Paul, Op zondag 13 november 2011 09:59:19 schreef Paul Wise: > Package: www.debian.org > Severity: normal > X-Debbugs-CC: debian-security@lists.debian.org > > These two links are referenced by the Debian security audit pages but > the domain has been taken by squatters. Could someone from the security > team suggest the correct course of action here? Does the security team > generate a list of all setuid/setgid executables in Debian? There does > not appear to be a replacement for the debian-audit list, should mails > about that be directed to debian-security? > > http://shellcode.org/Setuid/ > http://shellcode.org/mailman/listinfo/debian-audit Thanks for checking this with us. The Debian Security Audit Project has been inactive for a long time now. I see the mentioned links have been removed by jfs already. The current solution seems OK: point interested people to the debian-security list and reference Lintian for setuid binaries in the archive. That's all we have now, so I think no further action is necessary on this. If the audit team is revived they can always further improve their pages or add new links. Thijs
--- End Message ---