author Nico Golde <nion@debian.org> 2007-10-06 11:32:45 +0000
committer Nico Golde <nion@debian.org> 2007-10-06 11:32:45 +0000
commit 6f137a2e0936df554e66f400232fd5105686e892
tree 9c5f70e46cd5d73ac59d8debec4d4f6d44ca6b13 /doc
parent c6ef916c5cfc336e46dcd2f2ebdc15045cc9f41a
some additional bits :)
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6826 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'doc')
-rw-r--r-- doc/bits_2007_10_x | 28
1 files changed, 18 insertions, 10 deletions
diff --git a/doc/bits_2007_10_x b/doc/bits_2007_10_x
index a3581adb61..afec80029f 100644
--- a/doc/bits_2007_10_x
+++ b/doc/bits_2007_10_x
@@ -17,8 +17,9 @@ to testing, we felt the need of changing our security announcements.
Therefore, we set up daily announcements going to the announcement
mailinglist[0], which include all new security fixes for the testing
distribution. Most commonly the email shows the migrated packages.
-If there has been a DTSA issued for a package, this will show up as
-well. In some rare cases, the Testing Security Team asks the release
+If there has been a DTSA(Debian Testing Security Advisory) issued for
+a package, this will show up as well.
+In some rare cases, the Testing Security Team asks the release
managers to remove a package from unstable, because a security fix in
a reasonable amount of time seems to be unlikely and the package should
not be offered in our opinion. In this case, the email will inform
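Review bot: In the added line "+If there has been a DTSA(Debian Testing Security Advisory) issued for" there is no space between "DTSA" and the opening parenthesis; write "DTSA (Debian Testing Security Advisory)". The new break after "this will show up as well." also leaves a short line in the middle of the paragraph, so re-wrap the paragraph and let "In some rare cases" continue on that line.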
@@ -29,11 +30,12 @@ about such a case as well.
Efforts to fix security issues in unstable
------------------------------------------
-The Testing Security Team works mainly on the issued CVE numbers. If
+The Testing Security Team works mainly on the issued CVE numbers but also
+follows security relevant bugs reported via the BTS. If
you encounter a security problem in one of your packages, which does
not have a CVE number yet, please contact the Testing Security Team.
It is important to have such a CVE id, because they allow us to track
-the security problem in all debian branches (including Debian stable).
+the security problem in all Debian branches (including Debian stable).
When you upload a security fix to unstable, please also include the
CVE id in your changelog and set the priority to high. The tracker used
by both, Testing and Stable Security Team, can be found on this
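Review bot: "BTS" in the added line "+follows security relevant bugs reported via the BTS. If" is used without expansion, although this same commit expands DTSA on first use; spell it out once as Bug Tracking System and hyphenate "security-relevant". The added line also ends with a dangling "If", so the paragraph should be re-wrapped, and the surrounding text switches between "CVE numbers" and "CVE id" for the same thing, where one term would read better.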
@@ -58,7 +60,7 @@ Efforts to fix security issues in testing
As already mentioned, the main effort to keep testing secure is by
letting fixed packages migrate from unstable. In order to ensure this
migration process, we are in close contact with the release team and
-sometimes request a bump of the priority. Sometimes a package is
+request priority bumps to speed up the migration. Sometimes a package is
kept from migrating due to a transition, the occurrence of new bugs in
unstable, buildd issues or other problems. In these cases, the Testing
Security Team considers to issue a DTSA. We always appreciate, if a
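Review bot: The replacement line "+request priority bumps to speed up the migration. Sometimes a package is" drops the "sometimes" of the removed text, so the sentence now reads as if a priority bump is requested for every fix. If bumps are still requested case by case, keep a qualifier, for example "where needed, request priority bumps to speed up the migration".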
@@ -71,10 +73,20 @@ one of us, please follow the guidelines on the webpage[3]. If we feel
the need to issue a DTSA and were not contacted by the maintainer,
we normally go ahead and upload ourselves, although the maintainer
effort is much preferred.
-An up to date overview of unresolved issues in unstable can be found on
+An up to date overview of unresolved issues in testing can be found on
the tracker website[4].
+
+Some statistics
+---------------
+
+* 32 DTSAs had been issued in 2007 so far for over 120 CVE ids
+* 33 NMUs were uploaded in the last two months to fix security flaws
+* 40 security related uploads migrated to testing in the last month
+
+
+
New Testing Security Members
----------------------------
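Review bot: The three statistics bullets use relative periods ("so far", "in the last two months", "in the last month") with no cut-off date, so the counts cannot be checked or compared once the text has been sent out and archived; state the date on which they were taken. "had been issued" should be "have been issued" to agree with "so far", and of the three consecutive blank lines added before "New Testing Security Members" one is enough.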
@@ -90,11 +102,7 @@ Testing Security Team
[0]: http://lists.alioth.debian.org/mailman/listinfo/secure-testing-announce
-
[1]: http://security-tracker.debian.net/tracker/
-
[2]: http://security-tracker.debian.net/tracker/status/release/unstable
-
[3]: http://secure-testing-master.debian.net/uploading.html
-
[4]: http://security-tracker.debian.net/tracker/status/release/testing
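Review bot: The blank-line removals between the [0] to [4] references are a whitespace-only cleanup mixed into a content change. Put them in a separate commit or mention them in the commit message, so that the wording changes in the earlier hunks are easier to review on their own.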
