| author | Luciano Bello <luciano@debian.org> | 2015-01-17 23:44:11 +0000 |
|---|---|---|
| committer | Luciano Bello <luciano@debian.org> | 2015-01-17 23:44:11 +0000 |
| commit | c40f185378603bdaa24a6ec6e1c60d66d087eac5 (patch) | |
| tree | c527fce2fc9a66ba134d41280feeeb2eaf4e2f59 /doc/security-team.d.o | |
| parent | 992379d53f5786a27725df14ef55c88a6e6c8d95 (diff) | |
documenting the change in the tracker with respect to experimental #718362
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@31473 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'doc/security-team.d.o')

| mode | file | lines |
|---|---|---|
| -rw-r--r-- | doc/security-team.d.o/dsa_release | 13 |
| -rw-r--r-- | doc/security-team.d.o/security_tracker | 18 |

2 files changed, 29 insertions, 2 deletions
diff --git a/doc/security-team.d.o/dsa_release b/doc/security-team.d.o/dsa_release index c39b1d545a..1ab5536224 100644 --- a/doc/security-team.d.o/dsa_release +++ b/doc/security-team.d.o/dsa_release @@ -1 +1,12 @@ -https://wiki.debian.org/DebianSecurity/AdvisoryCreation +# Steps to release a DSA +To release + +[TOC] + +Preparing fixed packages +------------------------ + Doable by any DD + +Testing fixed packages +---------------------- + Doable by any DD diff --git a/doc/security-team.d.o/security_tracker b/doc/security-team.d.o/security_tracker index c47436765f..ea59f1ffa4 100644 --- a/doc/security-team.d.o/security_tracker +++ b/doc/security-team.d.o/security_tracker @@ -159,7 +159,7 @@ set up an [unstable chroot](http://www.debian.org/doc/manuals/reference/ch09#_ch ### Packages in the archive -If the vulnerability refers to a package in the Debian archive, look +If the vulnerability refers to a package in the Debian archive (except for experimental, [see later](#packages-in-experimental-only)), look to see if the package is affected or not (sometimes newer versions that have the fixes have already been uploaded). 
@@ -250,6 +250,22 @@ add notes if you do change an undetermined issue to unfixed (unless you're also fixing the issue in the process, which is of course the ideal way to help/contribute). +### Packages in Experimental only +There are some packages that only exists in experimental. In that +case, place the distribution tag `experimental`. For example: + + CVE-2013-1067 (Apport 2.12.5 and earlier uses weak permissions for core dump files ...) + [experimental] - apport 2.12.6-1 (bug #727661) + +If the package is in unstable *and* in experimental, focus on unstable (we are +not tracking fixes in experimental). A note about the situation in experimental +is appreciate. For example: + + CVE-2014-8564 (The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS ...) + - gnutls28 <unfixed> (bug #769154) + NOTE: in experimental fixed in 3.3.10-1 + + ### Issues in ITP and/or RFP packages If an issue is discovered in a package that has an RFP or ITP already filed, |
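Review bot: in the dsa_release hunk, the only pointer to the existing procedure (https://wiki.debian.org/DebianSecurity/AdvisoryCreation) is removed while the replacement is still a skeleton: "To release" is a dangling fragment, and both sections, "Preparing fixed packages" and "Testing fixed packages", contain nothing but "Doable by any DD". Suggest keeping the wiki link, e.g. as the first line under "# Steps to release a DSA", until the steps are actually written, so the page stays usable in the meantime.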
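Review bot: in the security_tracker hunk at line 159, the in-page link `[see later](#packages-in-experimental-only)` only works if the renderer derives exactly that slug from the new heading "### Packages in Experimental only" (lowercased, spaces turned into hyphens); please check the rendered page, since a slug mismatch leaves a dead anchor with no visible error. The parenthetical is also long for a sentence that already has a subordinate clause; "(experimental is handled separately, see below)" would read more easily.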
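Review bot: two typos in the new "Packages in Experimental only" section at line 250: "There are some packages that only exists in experimental" should read "only exist", and "A note about the situation in experimental is appreciate" should read "is appreciated". The guidance itself is clear, and the two entries shown (the `[experimental]` distribution tag for apport 2.12.6-1, and the `NOTE: in experimental fixed in 3.3.10-1` line alongside `gnutls28 <unfixed>`) cover both the experimental-only and the unstable-plus-experimental cases, which is what a triager needs.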