Bug#908934: ITP: golang-github-azure-azure-pipeline-go -- HTTP request/response middleware pipeline
Package: wnpp
Severity: wishlist
Owner: Dr. Tobias Quathamer

* Package name    : golang-github-azure-azure-pipeline-go
  Version         : 0.1.7
  Upstream Author : Microsoft
* URL             : https://github.com/Azure/azure-pipeline-go
* License         : Expat
  Programming Lang: Go
  Description     : HTTP request/response middleware pipeline

Package pipeline implements an HTTP request/response middleware
pipeline whose policy objects mutate an HTTP request's URL, query
parameters, and/or headers before the request is sent over the wire.

This package is needed for the new upstream version of rclone.

Regards,
Tobias
Bug#908935: ITP: golang-github-azure-azure-storage-blob-go -- Microsoft Azure Blob Storage Library for Go
Package: wnpp
Severity: wishlist
Owner: Dr. Tobias Quathamer

* Package name    : golang-github-azure-azure-storage-blob-go
  Version         : 0.2.0-1
  Upstream Author : Microsoft Azure
* URL             : https://github.com/Azure/azure-storage-blob-go
* License         : Expat
  Programming Lang: Go
  Description     : Microsoft Azure Blob Storage Library for Go

The Microsoft Azure Storage SDK for Go allows you to build applications
that take advantage of Azure's scalable cloud storage. It provides
low-level and high-level APIs.

This package is needed for the new upstream version of rclone.

Regards,
Tobias
Bug#908943: ITP: golang-github-dnaeon-go-vcr -- Record and replay your HTTP interactions for tests
Package: wnpp
Severity: wishlist
Owner: Dr. Tobias Quathamer

* Package name    : golang-github-dnaeon-go-vcr
  Version         : 0.0~git20180814.aafff18-1
  Upstream Author : Marin Atanasov Nikolov
* URL             : https://github.com/dnaeon/go-vcr
* License         : BSD-2-clause
  Programming Lang: Go
  Description     : Record and replay your HTTP interactions for tests

go-vcr simplifies testing by recording your HTTP interactions and
replaying them in future runs in order to provide fast, deterministic
and accurate testing of your code.

This package is needed for the new upstream version of rclone.

Regards,
Tobias
Report from the Debian Security Team Sprint in Hamburg (May 2018)
Security Team sprint report
===========================

The Security Team met in Hamburg between May 16 and May 20 2018 as part
of the Mini-DebConf Hamburg for work and discussion about ongoing work
plans, process review, and potential issues.

The participants were Alessandro Ghedini (ghedo), Moritz Muehlenhoff
(jmm), Salvatore Bonaccorso (carnil), Sébastien Delafond (seb), and
Yves-Alexis Perez (corsac).

We'd like to thank the Mini-DebConf organizers for providing the
facilities for our sprint, as well as all donors to the Debian project
who helped to cover a large part of our expenses.

DSA workflow
------------

We reached a consensus on implementing a wrapper to help with the
(currently) cumbersome DSA release process. Further automation via a
git-based trigger in a dedicated repository could be the next step.

Automated patch management
--------------------------

Based on Luciano Bello's talk[0] during DebConf 17, an additional pass
was made to check again on the status for this project.

[0] https://debconf17.debconf.org/talks/166/

Autopkgtest for security.debian.org
-----------------------------------

We are interested in having this service provided for security uploads,
in a manner compatible with embargoed packages. Several discussions will
be initiated with the relevant parties.

Better access control
---------------------

We're looking into options to use 2FA to secure both SSH logins to
security-master and access to salsa.

New home for documentation
--------------------------

We decided to work toward a GitLab Pages-based solution as the main
entrypoint to all security-related documentation (developer reference
section, FAQ, TODO list, etc).

Infrastructure improvements
---------------------------

We followed up on the staging repository project, and also discussed a
delegated DSA release process.

Kernel hardening
----------------

Yves-Alexis performed an extensive audit about recent evolutions
regarding kernel security.

Misc
----

We had several discussions about updates to 32-bit x86 kernels, Go-based
packages (will not be covered by security support for buster unless
tooling for rebuilds improves), Firefox ESR (Rust/Cargo toolchain has
been updated and is ready for ESR 60), and fast-moving packages (like
gitlab, elasticsearch, wordpress, etc).