Author: jmm-guest Date: 2005-12-14 09:08:44 +0000 (Wed, 14 Dec 2005) New Revision: 3030 Modified: doc/narrative_introduction Log: document DSA/list and curly cross-refs Modified: doc/narrative_introduction ==================================================================--- doc/narrative_introduction 2005-12-14 09:00:25 UTC (rev 3029) +++ doc/narrative_introduction 2005-12-14 09:08:44 UTC (rev 3030) @@ -275,6 +275,33 @@ fixed in unstable that haven''t migrated to testing, and the number of TODO items that we have to process still. + +The DSA list +------------ +We maintain a list of all DSA advisories issued by the stable security +team. This information is used to derive information about the state +of security problems for the stable and oldstable distribution. An +entry for a DSA looks like this: + +[21 Nov 2005] DSA-903-1 unzip - race condition + {CVE-2005-2475} + [woody] - unzip 5.50-1woody4 + [sarge] - unzip 5.52-1sarge2 + NOTE: fixed in testing at time of DSA + +The first line tracks the date, when a DSA was issued, the DSA identifier, +the affected source package and the type of vulnerability. +The second line performs a cross-reference to the entry in CVE/list that +maintains the state of the vulnerability in sid. Every entry that is +added like this to DSA/list is parsed by a script and automatically added +to CVE/list, so there''s no need to add references to the CVE list manually +(although you could). +The next lines contain the fixes for stable and optionally oldstable, addressed +with distribution tags. +You may add NOTE: entries freely, we use a NOTE entry for statistical purposes +that tracks, when a fix has reached testing relative to the time when it hit +stable. + TODO ---- Document Florian''s tracker @@ -305,7 +332,5 @@ TODO: -document {} cross refs -document DSA/list document DTSAs document tsck
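Review bot: In the first hunk (@@ -275,6 +275,33 @@), the paragraph on the second line of a DSA entry says the entry "is parsed by a script and automatically added to CVE/list" but does not name the script or say when it runs, so a reader cannot tell how soon the cross-reference appears or where to look when it does not. Name the script and how it is invoked. The same paragraph shows only a single id in "{CVE-2005-2475}" and should state whether the braces may hold several ids and how they are separated. Two smaller points: the NOTE paragraph says the "fixed in testing at time of DSA" note is used for statistics without saying whether its wording must be kept verbatim for that purpose, and the new section has no blank line after the "------------" underline or between its paragraphs, so it will read as one block.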
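Review bot: In the second hunk (@@ -305,7 +332,5), the TODO item "document {} cross refs" is removed, but the text added by this commit describes the braces only as they appear on the second line of a DSA/list entry, in a single sentence. If the curly cross-references are meant to be documented as a notation in their own right, either keep a narrowed TODO item or add a short description of the brace syntax to the new section before dropping this line. Removing "document DSA/list" is consistent with the section added in the first hunk.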