| author | Moritz Muehlenhoff <jmm@debian.org> | 2005-12-09 12:21:23 +0000 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2005-12-09 12:21:23 +0000 |
| commit | a5b0cb3a06a25da0b729960f5b4d6a2c7e793298 (patch) | |
| tree | 8bb101580b9001b0bff02260428c08f73d267ff6 /doc/narrative_introduction | |
| parent | e5cf4729f8901a830b2ea9dfd5fafbf4fa802d12 (diff) | |
very nice document, I've added a remark about read-only access to
our data and documented the severities. (I guess this was the consensus
we had at Oldenburg, feel free to change/amend, especially the people
who couldn't be present in OL).
I'll add a chapter about the [sarge] tags later in the train.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@2991 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'doc/narrative_introduction')
-rw-r--r-- | doc/narrative_introduction | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/doc/narrative_introduction b/doc/narrative_introduction index b0e1fe7fde..a0bf1d66ae 100644 --- a/doc/narrative_introduction +++ b/doc/narrative_introduction @@ -60,6 +60,11 @@ This will check out our working repository into a directory called secure-testing. Inside this directory are a number of subdirectories. The data directory is where we do most of our work. +If you don't need write access, you can of course check out our files +without an Alioth account as well: + +svn co svn://svn.debian.org/svn/secure-testing + Automatic Issue Updates ----------------------- Twice a day a cronjob runs that pulls down the latest full CVE lists @@ -147,6 +152,25 @@ versions, does not ...) - php4 <unfixed> (bug #353585; medium) - php5 <unfixed> (bug #353585; medium) +Severity levels +--------------- +These levels are mostly used to prioritize the order in which security +problems are resolved. Anyway, we have a rough overview on how you should +assess these levels: + +unimportant: This problem does not affect the Debian binary package, e.g. + a vulnerable file, which is not built or a vulnerable file + in doc/foo/examples/ +low : A security problem, which has only mild security implications + and one would even be comfortable with if it continues to + be present +medium : A typical, exploitable security problem. +high : A typical, exploitable security problem, which you'll really + like to fix and at least implement a workaround. This could + be because the vulnerable code is very broadly used, because + an exploit is in the wild or because the attack vector is + very wide. + NOTE and TODO entries --------------------- There are many instances where more work has to be done to determine |
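Review bot: the new read-only checkout paragraph (first hunk, the lines after "The data directory is where we do most of our work.") should state explicitly that a working copy obtained over svn:// cannot be committed from, and point contributors who later get an Alioth account at the authenticated URL already used by this repository (svn+ssh://svn.debian.org/svn/secure-testing, as in the git-svn-id above), so they know a fresh checkout or a relocated working copy is needed before they can push changes. As written, "If you don't need write access" leaves the reader to infer that the anonymous checkout is read-only rather than saying so.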
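Review bot: the new "Severity levels" section (second hunk) never says where the level goes in an entry, even though the context lines directly above show the syntax: `- php5 <unfixed> (bug #353585; medium)`. One sentence such as "The level is recorded after the bug number inside the parentheses of the package line, e.g. (bug #353585; medium)" would tie the definitions to the data format. Minor wording and layout points in the same hunk: "Anyway, we have a rough overview" reads as a contradiction of the previous sentence, "Still, here is a rough guide to how you should assess these levels:" is clearer; the labels are aligned inconsistently ("unimportant:" versus "low :" and "medium :"), so either pad all labels to the same width or drop the padding; "a vulnerable file, which is not built" should lose the comma; and "which you'll really like to fix" in the `high` entry should read "which you would really want to fix". The `medium` entry is also noticeably thinner than `high` and `low`; a clause on what separates it from `high` (no known exploit, narrower attack vector) would make the boundary usable, since the `high` text already lists those as the distinguishing factors.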