From 457347db66fa8687f89e4bfe0949789a6785ebfa Mon Sep 17 00:00:00 2001 From: Thijs Kinkhorst Date: Tue, 25 Mar 2008 19:39:39 +0000 Subject: small fixes git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@8409 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- doc/narrative_introduction | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'doc/narrative_introduction') diff --git a/doc/narrative_introduction b/doc/narrative_introduction index 213eb69074..b1d1a03ce4 100644 --- a/doc/narrative_introduction +++ b/doc/narrative_introduction @@ -68,15 +68,18 @@ svn co svn://svn.debian.org/svn/secure-testing Automatic Issue Updates ----------------------- Twice a day a cronjob runs that pulls down the latest full CVE lists -from Mitre, this automatically gets checked into data/CVE/list. We get -notified via either email +from Mitre, this automatically gets checked into data/CVE/list, and +also syncs that file with other lists like data/DSA/list and +data/DTSA/list. + +We get notified via either email (http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits) of every SVN commit, by RSS feed (http://svn.debian.org/wsvn/secure-testing/?op=rss&rev=0&sc=0&isdir=1) or via the CIA bot on #debian-security on OFTC. For example, the bot will say in the channel: -17:14 < CIA-1> joeyh * r2314 /data/CVE/list: automatic CAN database update +17:14 < CIA-1> joeyh * r2314 /data/CVE/list: automatic update Most of our work is taking the new issues that Mitre releases and processing them so that the tracking data is correct. Read on for how we @@ -192,8 +195,8 @@ a BTS query for all issues in the BTS that are tagged "security" and are not yet added to our tracker: http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=security;users=debian-security@lists.debian.org;exclude=tracked -A special exception is made for kernel related issues. The kernel-sec group will take -care of them and file bugs if needed. +A special exception is made for kernel related issues. The kernel-sec +group will take care of them and file bugs if needed. If a vulnerability does not affect Debian, e.g. because the vulnerable code is not contained, it is marked as : @@ -367,8 +370,8 @@ you do need to add [sarge] or [woody] entries to CVE/list when there is a 'no-dsa' or 'not-affected' condition. The bin/dsa2list script can be used to generate a template for a new -DSA entry once the official DSA is published on the web. You should -not blindly trust the script output and double-check it, though. +DSA entry once the official DSA is published on debian-security-announce. +You should not blindly trust the script output and double-check it, though. Checking your changes --------------------- -- cgit v1.2.3