Internationalization and localization in Debian

This is the paper for a Debconf6 roundtable named State of the art for Debian i18n/l10n. This paper has been written by Chritian Perrier and Javier Fernández-Sanguino.

Here you will find:

If you can review the paper, please use the Docbook-XML sources to send patches to the authors (read the document for contact information for them).

Weeding out security bugs in Debian

Paper for the Debconf6 Technical Workshop on Security.

The paper is available:

If you want to check out the data sets I used for this paper, look for it here. This does not include the vulnerability database I used, if you want to take a look at it (or at the scripts used to introduce data in it) send me an e-mail. Finally, if you want to check out the examples used in the workshop, just go to the samples directory.

This was my proposal, which might serve as an introduction to the paper itself:

Security bugs are routinely found in software that is shipped with the Debian
OS. These bugs go from obscure bugs nobody thought about to common and
recurring mistakes that open up our user's systems to attack.

The workshop will focus and show how Debian developers can detect and fix these
bugs themselves, showing off tools used and developed by the Security Audit

Also, some insights on how to introduce security engineering into software
development to avoid bugs following well known practices such as: minimum
privileges, safe default configurations, fail safe, input validation, etc.

If all Debian developers would apply these principles the Debian OS would,
consequently, have less security bugs which would reduce the workload of the
security team. Also, if Debian developers would be able to spot troublesome
software that requires careful review before uploading it to the distribution
we would also prevent a lot of inmature, security-bug-ridden software in the

The workshop's end goal is to give more power to developers based on past
experiences as a way to improve security in the Debian OS.