From c42bd409f89a0b33b57f3e28c9af722384c85ee0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Delafond?= Date: Fri, 26 Feb 2021 15:53:07 +0100 Subject: doc/triage: minor spelling/typo/punctuation changes --- doc/security-team.d.o/triage | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'doc') diff --git a/doc/security-team.d.o/triage b/doc/security-team.d.o/triage index 40766ccb99..948026899a 100644 --- a/doc/security-team.d.o/triage +++ b/doc/security-team.d.o/triage @@ -10,8 +10,8 @@ Security updates affecting a released Debian suite can fall under three types: - Some issues are simply not worth fixing in a stable release (for multiple reasons, e.g. because they are mostly a PR hype, or because they are mitigated in Debian via a different config or toolchain hardening). -Every incoming security issues gets triaged. Security issues which are being flagged for the second category are being displayed in the -Debian Package Tracker (tracker.debian.org), in fact you might have been redirected from the PTS to his page. +Every incoming security issue gets triaged. Security issues which are being flagged for the second category are being displayed in the +Debian Package Tracker (tracker.debian.org), in fact you might have been redirected from the PTS to this page. For every CVE listed there, there are three possible options: 
@@ -20,14 +20,14 @@ https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#special-cas If you CC team@security.debian.org for the release.debian.org bug, the fixed version will get recorded in the Debian Securiy Tracker. - Some packages have a steady flow of security issues and there's also the option to postpone an update to a later time, in other words -to get piggybacked to a future DSA for a more severe security issue or held back until a few more low severity issues are known. In the +to get piggybacked onto a future DSA dedicated to a more severe security issue, or held back until a few more low severity issues are known. In the Security Tracker these are tracked with the state, often this means that a fix has been commited to e.g. a buster branch -in salsa, but no upload has been made yet. You can either send a mail to team@security.debian.org and we'll update the state or +in salsa, but no upload has been made yet. You can either send a mail to team@security.debian.org and we'll update the state, or you can also make the change yourself if you're familiar with the Security Tracker. -- Some packages should rather not be fixed at all, e.g. because the possible benefit does not outweigh the risk/costs of an update -or because an update is not possible (e.g. as it would introduce behavioural not appropriate for a stable release). In the +- Some packages should rather not be fixed at all, e.g. because the possible benefit does not outweigh the risk/costs of an update, +or because an update is not possible (e.g. as it would introduce behavioural changes not appropriate for a stable release). In the Security Tracker these are tracked with the state. You can either send a mail to team@security.debian.org and we'll update -the state or you can also make the change yourself if you're familiar with the Security Tracker. +the state, or you can also make the change yourself if you're familiar with the Security Tracker. 
Any of the three actions above will make the CVE ID disappear from the "low severity" entry in the Security Tracker. -- cgit v1.2.3
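Review bot: in the first hunk (@@ -10,8 +10,8 @@), the rewritten line still splices two sentences with a comma ("(tracker.debian.org), in fact you might have been redirected from the PTS to this page") and says "PTS" immediately after naming the "Debian Package Tracker", so a reader has no way to tell whether these are one service or two. Since both lines are already being touched, end the sentence after the parenthesis, start a new one at "In fact", and use one name consistently or expand the abbreviation on first use.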
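Review bot: the second hunk (@@ -20,14 +20,14 @@) leaves two misspellings in its unchanged context lines: "Debian Securiy Tracker" in the first context line, and "commited" in "a fix has been commited to e.g. a buster branch". The subject describes this commit as a spelling/typo pass over this file, so correct them here to "Security" and "committed" rather than leaving them for a follow-up. The added line could also hyphenate "low severity issues" as "low-severity issues".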