Author: nion
Date: 2007-10-07 14:17:40 +0000 (Sun, 07 Oct 2007)
New Revision: 6854
Modified:
website/helping.html
Log:
further documentation
Modified: website/helping.html
==================================================================---
website/helping.html 2007-10-07 13:42:57 UTC (rev 6853)
+++ website/helping.html 2007-10-07 14:17:40 UTC (rev 6854)
@@ -36,18 +36,31 @@
</table>
<h2>As non-Debian Developer</h2>
- <p>Sure you can also help improving Debian''s security in
testing/unstable without being an official developer</p>
+ <p>Sure you can also help improving Debian''s security in
testing/unstable without being an official developer.</p>
<ul>
- <li>work on the <a href="index.html#tracker">security
tracker</a>, <a
href="http://alioth.debian.org/project/request.php?group_id=30437">request</a>
to get added
+ <li>Work on the <a href="index.html#tracker">security
tracker</a>, <a
href="http://alioth.debian.org/project/request.php?group_id=30437">request</a>
to get added
to the secure-testing group an <a
href="http://alioth.debian.org/">alioth</a> since we use
subversion located on alioth to manipulate the tracker data. Make sure to read
our <a
href="http://svn.debian.org/wsvn/secure-testing/doc/narrative_introduction?op=file&rev=0&sc=0">narrative
introduction</a> if you start with this.</li>
- <li>track bugs reported to the <a
href="http://bugs.debian.org">Debian BTS</a> for security
flaws and help on fixing them and getting a <a
href="http://cve.mitre.org">CVE</a>
- id for it if none exist yet (please <a
href="index.html#contact">contact the team</a> for this).
- <li>report vulnerabilities for software Debian includes in a package to
the <a href="http://bugs.debian.org">Debian BTS</a>.
Please use the tag <em>security</em> and include the CVE id there is
already one available.</li>
+ <li>Track bugs reported to the <a
href="http://bugs.debian.org">Debian BTS</a> for security
flaws and help on fixing them and getting a <a
href="http://cve.mitre.org">CVE</a>
+ id for it if none exists yet (please <a
href="index.html#contact">contact the team</a> for this).
+ <li>Report vulnerabilities for software Debian includes in a package to
the <a href="http://bugs.debian.org">Debian BTS</a>.
Please use the tag <em>security</em> and include the CVE id there is
already one available.</li>
</ul>
<h2>As Debian package maintainer</h2>
+ <p>There are a few things to keep in mind as a maintainer to make the
work of the testing-security team a bit easier.</p>
+ <ul>
+ <li>Watch out for security relevant bugs reported in your packages and
react fast on them. <a
href="index.html#contact">Contact</a> the team if you need
assistance.</li>
+ <li>Make descriptive, meaningful changelog entries. This means to
always include CVE ids in the package changelog for bugs that have one and to
mention that this is a <em>security</em> upload.</li>
+ <li><a href="index.html#contact">Contact</a> the
team if you fix bugs which are not reported to the BTS but have a CVE id so we
can mark the version as fixed in the security tracker.</li>
+ <li><a href="uploading.html">Upload</a> your
package to the <em>testing-security</em> repository if the migration
from unstable would take too long for some reason.</li>
+ <li>The upload should have <em>urgency=high</em> to ensure
a fast migration to testing.</li>
+ </ul>
<h2>As Debian Developer</h2>
+ <p>As a developer you can do basically the same work as described above
for non-Debian developers except a few things</p>
+ <ul>
+ <li>Help on doing <a
href="http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-nmu">NMUs</a>
to unstable for bugs reported to the BTS with security impact. Make it obvious
that this an upload by the testing security team, use descriptive changelog
entries and mention the CVE ids for the bugs your are fixing.</li>
+ </ul>
+
<hr><p>$Id: helping.html 6493 2007-09-04 11:06:04Z nion $</p>
<a href="http://validator.w3.org/check?uri=referer">
<img border="0"
src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML
4.01!" height="31" width="88"></a>