author Michael Gilbert <michael.s.gilbert@gmail.com> 2010-04-11 23:48:31 +0000
committer Michael Gilbert <michael.s.gilbert@gmail.com> 2010-04-11 23:48:31 +0000
commit c03f39ed796b1fd35f18acd70e57a31618938bbd
tree 4612c29df653f3cc2cfa38a3079bde8819f938a2 /doc/narrative_introduction
parent 1947d48ca84505a2ac64a66ac03c0c1b54acf174
remove claiming discussion from documentation since that is never used anymore and clarify module tracking
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@14458 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'doc/narrative_introduction')
-rw-r--r-- doc/narrative_introduction 48
1 file changed, 17 insertions, 31 deletions
diff --git a/doc/narrative_introduction b/doc/narrative_introduction
index 1f534ae67f..3db17d2c9c 100644
--- a/doc/narrative_introduction
+++ b/doc/narrative_introduction
@@ -105,37 +105,24 @@ Processing TODO entries
The Mitre update typically manifests in new CVE entries. So what we do
is to update our svn repository and then edit data/CVE/list and look
for new TODO entries. These will often be in blocks of 10-50 or so,
-depending on how many new issues they have assigned. Depending on how
-you feel you will "claim" a block of say 10 new entries by
-putting your name in the file at the beginning and the end of the new
-TODO entries and then commit the repository. This looks like this:
-
-begin claimed by jmm
-CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP
-usernams and ...)
- TODO: check
-CVE-2005-4065 (SQL injection vulnerability in the search module in
-Edgewall Trac ...)
- TODO: check
-CVE-2005-4030 (SQL injection vulnerability in Quicksilver Forums
-before 1.5.1 allows ...)
- TODO: check
-end claimed by jmm
-
-Once these are checked-in, then others will not do work on these TODO
-issues.
-
-IMPORTANT: make sure to read: http://lists.alioth.debian.org/pipermail/secure-testing-team/2009-May/002394.html
-
-Issues Not-For-Us (NFU)
+depending on how many new issues they have assigned.
+
+IMPORTANT: make sure to read:
+http://lists.alioth.debian.org/pipermail/secure-testing-team/2009-May/002394.html
+
+Issues NOT-FOR-US (NFU)
-----------------------
-Processing your claimed entries is done by first seeing if the issue
-is related to any software packaged in Debian, if it isn't a package
-in Debian and has no ITP then you note that in the file. Another case
-are meta packages that only provide a downloader (e.g. flashplugin-nonfree).
-There is no way to mark such packages as we have no influence on the version
-and technically the code is not present in Debian.
+Processing entries is done by first seeing if the issue is related to any
+software packaged in Debian. If it isn't a package in Debian and has no
+ITP then you note that in the file with a 'NOT-FOR-US:' tag. Third-party
+modules are not yet packaged for Debian are also tagged as NFU; even if
+their parent software is packaged for Debian. The module names should be
+mentioned in the NFU note in order to make issues apparent if that module
+should ever receive a propper package. Another case are meta packages
+that only provide a downloader (e.g. flashplugin-nonfree). There is no
+way to mark such packages as we have no influence on the version and
+technically the code is not present in Debian.
Example:
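Review bot: The new third-party module sentence in the NOT-FOR-US paragraph does not parse: "Third-party modules are not yet packaged for Debian are also tagged as NFU; even if" needs "that are not yet packaged" and a comma instead of the semicolon, and "propper" two lines later should be "proper". The paragraph also requires module names to appear in the NFU note but does not show what such a note looks like; if the example after "Example:" only covers the plain unpackaged-software case, add a line for a module of packaged software so triagers write it consistently. Separately, the "IMPORTANT: make sure to read:" link is now left directly under the TODO paragraph with no hint of what it covers; since the claiming text it used to follow is removed here, one sentence saying what the linked mail is about would tell readers why it still matters.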
@@ -147,8 +134,7 @@ There is a tool that helps with sorting out all the NOT-FOR-US issues:
See "bin/check-new-issues -h". For the search functions in
check-new-issues to work, you need to have unstable in your
sources.list and have done "apt-get update" and "apt-file update".
-Having libterm-readline-gnu-perl installed helps, too. Unfortunately,
-check-new-issues does not yet support the "claimed by" tags mentioned above.
+Having libterm-readline-gnu-perl installed helps, too.
Please also make sure to check the wnpp list for possible <itp> items and
the ftp-master removal list to see if the issue way maybe present in the past
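Review bot: The context line just below the edited sentence still reads "to see if the issue way maybe present in the past"; since this commit is already cleaning up the paragraph, fix it to "was maybe present" in the same change. The removal of the "claimed by" caveat itself is consistent with the first hunk dropping the claiming procedure, so nothing else in this hunk refers to text that no longer exists.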
