author Joey Hess <joeyh@debian.org> 2006-08-17 20:50:19 +0000
committer Joey Hess <joeyh@debian.org> 2006-08-17 20:50:19 +0000
commit 385f3387fcf000b5796b9902cc5dc1681dc0758a (patch)
tree 5832da52e7a5df6f0d0029e36715310db1ed5778
parent 112b57a3f5df35bd37cbe1561f15248e1d35e4c2 (diff)
update for tracker changes
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@4589 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- doc/narrative_introduction 73
1 files changed, 25 insertions, 48 deletions
diff --git a/doc/narrative_introduction b/doc/narrative_introduction
index a0127fc0f1..067459461e 100644
--- a/doc/narrative_introduction
+++ b/doc/narrative_introduction
@@ -265,26 +265,34 @@ Generated Reports
-----------------
All of this tracking information gets automatically parsed and
compared against madison to determine what has been fixed and what is
-still waiting, this results in this page:
+still waiting, this results in this website:
-http://spohr.debian.org/~joeyh/testing-security.html
+http://security-tracker.debian.net/
-This page tells us a number of things, for example:
-
-abiword 2.2.10-1 needed, have 2.2.7-3 for CAN-2005-2964
-
-This tells us that we know that this fix has been applied in debian
-package version 2.2.10-1, but testing only has 2.2.7-3. It has links to
-the reason why this hasn't entered testing yet, as well as the CAN
-reference at Mitre (given different background colors according to the
-severity). The ones with bugs have links directly to the bugs that have
-been filed. Additionally cross-references for DSAs are generated.
-
-At the bottom is a legend detailing the severity levels, the number of
-unfixed holes currently in testing, the number of holes that have been
-fixed in unstable that haven't migrated to testing, and the number of
-TODO items that we have to process still.
+It incorporates package lists and parses distribution lists and can
+thus be used to
+- Present the security history of a package
+- Provide overviews of vulnerable packages in stable, testing, sid and
+ oldstable (it still has some false positives, wrt packages in
+ stable that are present in stable, but not vulnerable, but these
+ will be ironed out soon). The oldstable data is likely inaccurate.
+- Generate a list of packages that are subject to security problems, but
+ stuck in testing migration due to problems with the dependency chain
+ and thus candidates for a DTSA
+- Generate a list of TODO issues that need to be adressed
+- Generate a list of packages that will enter Debian soon and need to
+ be checked for security problems
+- Generate a list of provisional IDs that need to be turned into proper
+ CVE entries
+- Show some potential problems in the data pool (e.g. misspelled package
+ names not found in the packages list, or potentially missing epochs)
+For every security problem it displays
+- The CVE information
+- A severity assessment by NVD
+- Cross references to DTSAs, DSAs and bugs in the BTS
+- The status of a security problem in stable, oldstable, testing and sid
+- Additional notes from our tracker
The DSA list
------------
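Review bot: The bullet list moved into "Generated Reports" carries over wording problems from the removed section unchanged: "adressed" in the TODO bullet should be "addressed", and the overview bullet's "packages in stable that are present in stable, but not vulnerable" repeats "in stable" and does not say what the false positive actually is. Since these lines are being re-added anyway, fix them here. The same bullet also promises the false positives "will be ironed out soon" and calls the oldstable data "likely inaccurate"; both statements will go stale, so either date them or say where the current accuracy status is documented. Finally, the removed abiword line ("2.2.10-1 needed, have 2.2.7-3") was the only worked illustration of how to read a tracker entry; consider keeping one equivalent example for the new site so a newcomer can see what "status in stable, oldstable, testing and sid" looks like in practice.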
@@ -319,37 +327,6 @@ The bin/dsa2list script can be used to generate a template for a new
DSA entry once the official DSA is published on the web. You should
not blindly trust the script output and double-check it, though.
-The security bug tracker
-------------------------
-There is a more detailed tracker that provides a lot more views into this
-information, its here:
-http://idssi.enyo.de/tracker/
-
-It incorporates package lists and parses distribution lists and can
-thus be used to
-- Present the security history of a package
-- Provide overviews of vulnerable packages in stable, testing, sid and
- oldstable (it still has some false positives, wrt packages in
- stable that are present in stable, but not vulnerable, but these
- will be ironed out soon). The oldstable data is likely inaccurate.
-- Generate a list of packages that are subject to security problems, but
- stuck in testing migration due to problems with the dependency chain
- and thus candidates for a DTSA
-- Generate a list of TODO issues that need to be adressed
-- Generate a list of packages that will enter Debian soon and need to
- be checked for security problems
-- Generate a list of provisional IDs that need to be turned into proper
- CVE entries
-- Show some potential problems in the data pool (e.g. misspelled package
- names not found in the packages list, or potentially missing epochs)
-
-For every security problem it displays
-- The CVE information
-- A severity assessment by NVD
-- Cross references to DTSAs, DSAs and bugs in the BTS
-- The status of a security problem in stable, oldstable, testing and sid
-- Additional notes from our tracker
-
Following up on security issues
-------------------------------
By simply loading this page and doing a little gardening of the
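Review bot: The unchanged context line "By simply loading this page and doing a little gardening of the" under "Following up on security issues" still says "this page", while the first hunk renames the generated report from "this page" to "this website" and this hunk deletes the separate tracker section that sat directly above it. After the change it is not clear which page the reader should load; name it explicitly, for example by pointing at the http://security-tracker.debian.net/ URL introduced in "Generated Reports". It is also worth checking the rest of the file for other references to the removed "security bug tracker" section or to the old idssi.enyo.de and spohr.debian.org URLs, since only these two hunks are touched.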
