diff options
| author | Michael Gilbert <michael.s.gilbert@gmail.com> | 2009-04-19 23:28:54 +0000 |
|---|---|---|
| committer | Michael Gilbert <michael.s.gilbert@gmail.com> | 2009-04-19 23:28:54 +0000 |
| commit | db7b854df4e789dd092497d2029eef9a4e5369cc (patch) | |
| tree | 812eeebc3933c156fa6a5a62ed2398d7e1bd8a8f /doc/narrative_introduction | |
| parent | ba9e7b37b74bb3ba27321518250c421fa5b420b8 (diff) | |
some updates to wording of the narrative_introduction
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@11654 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'doc/narrative_introduction')
| -rw-r--r-- | doc/narrative_introduction | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/doc/narrative_introduction b/doc/narrative_introduction index 2f23b1b6b8..79d46f140c 100644 --- a/doc/narrative_introduction +++ b/doc/narrative_introduction @@ -192,14 +192,25 @@ versions, does not ...) Bug numbers can be added as in the example above. To avoid duplicate bugs, "bug filed" can be added instead of "bug #123456" when the bug report has -been sent but the bug number is not yet known. The bug numbers are used -to add additional references for the overview page and the Security Bug -Tracker and they are parsed by a script that generates user tags "tracked" -for the user debian-security@lists.debian.org. This way you can generate -a BTS query for all issues in the BTS that are tagged "security" and are -not yet added to our tracker: +been sent but the bug number is not yet known (however, it is more +desirable to file the bug, wait for the BTS to assign a number, then update +the entry in the CVE list so that complete information is always available +in the tracker). The bug number is important because it makes it clear +that the maintainer has been contacted about the problem, and that they are +aware of their responsibility to work swiftly toward a fix. The bug +numbers are also used to add additional references for the overview page +and the Security Bug Tracker. They are parsed by a script that generates +user tags "tracked" for the user debian-security@lists.debian.org, which +enables BTS users to generate a query for all of the issues that are tagged +"security" but not yet added to the tracker: http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=security;users=debian-security@lists.debian.org;exclude=tracked +Since CVEs often drop in bulk, submission of multiple CVEs in a single bug +report is permissable and encouraged. However, some maintainers have +indicated a preference for only one issue per bug report. The following +is a list of packages for which each CVE should be reported separately: + - php5 + A special exception is made for kernel related issues. The kernel-sec group will take care of them and file bugs if needed. |