summaryrefslogtreecommitdiffstats
path: root/website
diff options
context:
space:
mode:
authorNico Golde <nion@debian.org>2007-10-07 14:17:40 +0000
committerNico Golde <nion@debian.org>2007-10-07 14:17:40 +0000
commit68fe8f842d6803e1e692e8df9f572b74ea8a6b53 (patch)
tree0efe65a3aa65dc6a77ebc2b018c06e896ea91169 /website
parentb9b548231ca4c4d4c45040a46900808595f6eafd (diff)
further documentation
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6854 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'website')
-rw-r--r--website/helping.html23
1 files changed, 18 insertions, 5 deletions
diff --git a/website/helping.html b/website/helping.html
index bdbeb02210..445a5f26d5 100644
--- a/website/helping.html
+++ b/website/helping.html
@@ -36,17 +36,30 @@
</table>
<h2>As non-Debian Developer</h2>
- <p>Sure you can also help improving Debian's security in testing/unstable without being an official developer</p>
+ <p>Sure you can also help improving Debian's security in testing/unstable without being an official developer.</p>
<ul>
- <li>work on the <a href="index.html#tracker">security tracker</a>, <a href="http://alioth.debian.org/project/request.php?group_id=30437">request</a> to get added
+ <li>Work on the <a href="index.html#tracker">security tracker</a>, <a href="http://alioth.debian.org/project/request.php?group_id=30437">request</a> to get added
to the secure-testing group an <a href="http://alioth.debian.org/">alioth</a> since we use subversion located on alioth to manipulate the tracker data. Make sure to read our <a href="http://svn.debian.org/wsvn/secure-testing/doc/narrative_introduction?op=file&rev=0&sc=0">narrative introduction</a> if you start with this.</li>
- <li>track bugs reported to the <a href="http://bugs.debian.org">Debian BTS</a> for security flaws and help on fixing them and getting a <a href="http://cve.mitre.org">CVE</a>
- id for it if none exist yet (please <a href="index.html#contact">contact the team</a> for this).
- <li>report vulnerabilities for software Debian includes in a package to the <a href="http://bugs.debian.org">Debian BTS</a>. Please use the tag <em>security</em> and include the CVE id there is already one available.</li>
+ <li>Track bugs reported to the <a href="http://bugs.debian.org">Debian BTS</a> for security flaws and help on fixing them and getting a <a href="http://cve.mitre.org">CVE</a>
+ id for it if none exists yet (please <a href="index.html#contact">contact the team</a> for this).
+ <li>Report vulnerabilities for software Debian includes in a package to the <a href="http://bugs.debian.org">Debian BTS</a>. Please use the tag <em>security</em> and include the CVE id there is already one available.</li>
</ul>
<h2>As Debian package maintainer</h2>
+ <p>There are a few things to keep in mind as a maintainer to make the work of the testing-security team a bit easier.</p>
+ <ul>
+ <li>Watch out for security relevant bugs reported in your packages and react fast on them. <a href="index.html#contact">Contact</a> the team if you need assistance.</li>
+ <li>Make descriptive, meaningful changelog entries. This means to always include CVE ids in the package changelog for bugs that have one and to mention that this is a <em>security</em> upload.</li>
+ <li><a href="index.html#contact">Contact</a> the team if you fix bugs which are not reported to the BTS but have a CVE id so we can mark the version as fixed in the security tracker.</li>
+ <li><a href="uploading.html">Upload</a> your package to the <em>testing-security</em> repository if the migration from unstable would take too long for some reason.</li>
+ <li>The upload should have <em>urgency=high</em> to ensure a fast migration to testing.</li>
+ </ul>
<h2>As Debian Developer</h2>
+ <p>As a developer you can do basically the same work as described above for non-Debian developers except a few things</p>
+ <ul>
+ <li>Help on doing <a href="http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-nmu">NMUs</a> to unstable for bugs reported to the BTS with security impact. Make it obvious that this an upload by the testing security team, use descriptive changelog entries and mention the CVE ids for the bugs your are fixing.</li>
+ </ul>
+
<hr><p>$Id: helping.html 6493 2007-09-04 11:06:04Z nion $</p>
<a href="http://validator.w3.org/check?uri=referer">

© 2014-2024 Faster IT GmbH | imprint | privacy policy