Author: jmm-guest Date: 2005-12-14 09:22:04 +0000 (Wed, 14 Dec 2005) New Revision: 3032 Modified: doc/narrative_introduction Log: document the security tracker; Florian please fix eventual mistakes Modified: doc/narrative_introduction ==================================================================--- doc/narrative_introduction 2005-12-14 09:14:19 UTC (rev 3031) +++ doc/narrative_introduction 2005-12-14 09:22:04 UTC (rev 3032) 
@@ -302,14 +302,40 @@ that tracks, when a fix has reached testing relative to the time when it hit stable. -TODO ----- -Document Florian''s tracker -There is a more detailed tracker that is still under development, but -provides a lot more views into this information, its here: +The security bug tracker +------------------------ +There is a more detailed tracker that provides a lot more views into this +information, its here: http://idssi.enyo.de/tracker/ +It incorporates package lists and parses distribution lists and can +thus be used to +- Present the security history of a package +- Provide overviews of vulnerable packages in stable, testing, sid and + soon oldstable (it still has some false positives, wrt packages in + stable that are present in stable, but not vulnerable, but these + will be ironed out soon) +- Generate a list of packages that are subject to security problems, but + stuck in testing migration due to problems with the dependency chain + and thus candidates for a DTSA +- Generate a list of TODO issues that need to be adressed +- Generate a list of packages that will enter Debian soon and need to + be checked for security problems +- Generate a list of provisional IDs that need to be turned into proper + CVE entries +- Show some potential problems in the data pool (e.g. misspelled package + names not found in the packages list, or potentially missing epochs) +For every security problem it displays +- The CVE information +- A severity assessment by NVD +- Cross references to DTSAs, DSAs and bugs in the BTS +- The status of a security problem in stable, oldstable, testing and sid +- Additional notes from our tracker + +The only downside is that it''s currently not updated automatically, but +only manually every few days, but that''s going to be adressed soon. + Following up on security issues ------------------------------- By simply loading this page and doing a little gardening of the 
@@ -334,3 +360,5 @@ TODO: document DTSAs document tsck +document CVE-XXXX +document tracked tag
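Review bot: In the @@ -302,14 +302,40 @@ hunk, the false-positive caveat in the "overviews of vulnerable packages" bullet reads "wrt packages in stable that are present in stable, but not vulnerable", which repeats "in stable" and never says what condition produces the false positive. Please reword it so a reader knows which entries of the stable overview not to trust. In the same hunk, "its here:" should be "it's here:", and "adressed" (in the TODO-issues bullet and again in the closing paragraph) should be "addressed". Because the closing paragraph says the data is only refreshed manually every few days, it would also help to state whether the tracker shows when it was last updated, so readers can judge how stale a status is.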
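Review bot: In the @@ -334,3 +360,5 @@ hunk, the two new TODO entries "document CVE-XXXX" and "document tracked tag" are too terse to act on. Neither term is introduced in the lines visible here, and it is unclear whether "CVE-XXXX" refers to the provisional IDs mentioned in the new tracker section. Suggest adding a few words to each entry saying what needs documenting, for example the naming scheme for the IDs and where the tag is used.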