Author: gilbert-guest Date: 2011-07-27 03:31:18 +0000 (Wed, 27 Jul 2011) New Revision: 17008 Modified: doc/narrative_introduction Log: fix up some recent wording changes in the narrative doc Modified: doc/narrative_introduction ==================================================================--- doc/narrative_introduction 2011-07-27 03:22:14 UTC (rev 17007) +++ doc/narrative_introduction 2011-07-27 03:31:18 UTC (rev 17008) @@ -158,22 +158,20 @@ http://www.debian.org/doc/manuals/reference/ch09#_chroot_system http://wiki.debian.org/Debootstrap -ITP/RFP packages ----------------- +Issues in ITP and/or RFP packages +--------------------------------- -If it is a package that someone has filed an RFP or ITP for, then that -is also noted, so it can be tracked to make sure that the issue is -resolved before the package enters the archive. ITPs are marked with -<itp>, while RFPs are simply mentioned in a NOTE: +If an issue is discovered in a package that has an RFP or ITP already filed, +then that is also noted in order to track the problem, and make sure it is +resolved before the package enters the archive. These issues are marked with +the <itp> tag. Note this includes both ITPs and RFPs since (from a security +tracking standpoint) there is no advantage in tracking them in separate ways. +An example entry for an ITP/RFP package is: CVE-2004-2525 (Cross-site scripting (XSS) vulnerability in compat.php in Serendipity ...) - serendipity <itp> (bug #312413) -CVE-2008-0851 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 ...) - NOT-FOR-US: Dokeos - NOTE: there is an RFP for Dokeos #433352 - Reserved entries ---------------- @@ -473,9 +471,9 @@ After thoroughly researching each issue (as described above) and editing the relevant files, commit your changes. Peer review is done via the mailing list and IRC notifications (see "Automatic Issue Updates" above). -However, changes to the tracker website itself (e.g. the files in bin/) -should be vetted and approved before being committed. The preferred way -to do this is to send a patch to the +However, changes to the tracker website itself (e.g. the files in lib/* +and bin/tracker_service.py) should be vetted and approved before being +committed. The preferred way to do this is to send a patch to: debian-security-tracker at lists.debian.org mailing list. Commits are checked for syntax errors before they are actually committed,