Author: nion Date: 2007-10-07 14:17:40 +0000 (Sun, 07 Oct 2007) New Revision: 6854 Modified: website/helping.html Log: further documentation Modified: website/helping.html ==================================================================--- website/helping.html 2007-10-07 13:42:57 UTC (rev 6853) +++ website/helping.html 2007-10-07 14:17:40 UTC (rev 6854) 
@@ -36,18 +36,31 @@ </table> <h2>As non-Debian Developer</h2> - <p>Sure you can also help improving Debian''s security in testing/unstable without being an official developer</p> + <p>Sure you can also help improving Debian''s security in testing/unstable without being an official developer.</p> <ul> - <li>work on the <a href="index.html#tracker">security tracker</a>, <a href="http://alioth.debian.org/project/request.php?group_id=30437">request</a> to get added + <li>Work on the <a href="index.html#tracker">security tracker</a>, <a href="http://alioth.debian.org/project/request.php?group_id=30437">request</a> to get added to the secure-testing group an <a href="http://alioth.debian.org/">alioth</a> since we use subversion located on alioth to manipulate the tracker data. Make sure to read our <a href="http://svn.debian.org/wsvn/secure-testing/doc/narrative_introduction?op=file&rev=0&sc=0">narrative introduction</a> if you start with this.</li> - <li>track bugs reported to the <a href="http://bugs.debian.org">Debian BTS</a> for security flaws and help on fixing them and getting a <a href="http://cve.mitre.org">CVE</a> - id for it if none exist yet (please <a href="index.html#contact">contact the team</a> for this). - <li>report vulnerabilities for software Debian includes in a package to the <a href="http://bugs.debian.org">Debian BTS</a>. Please use the tag <em>security</em> and include the CVE id there is already one available.</li> + <li>Track bugs reported to the <a href="http://bugs.debian.org">Debian BTS</a> for security flaws and help on fixing them and getting a <a href="http://cve.mitre.org">CVE</a> + id for it if none exists yet (please <a href="index.html#contact">contact the team</a> for this). + <li>Report vulnerabilities for software Debian includes in a package to the <a href="http://bugs.debian.org">Debian BTS</a>. 
Please use the tag <em>security</em> and include the CVE id there is already one available.</li> </ul> <h2>As Debian package maintainer</h2> + <p>There are a few things to keep in mind as a maintainer to make the work of the testing-security team a bit easier.</p> + <ul> + <li>Watch out for security relevant bugs reported in your packages and react fast on them. <a href="index.html#contact">Contact</a> the team if you need assistance.</li> + <li>Make descriptive, meaningful changelog entries. This means to always include CVE ids in the package changelog for bugs that have one and to mention that this is a <em>security</em> upload.</li> + <li><a href="index.html#contact">Contact</a> the team if you fix bugs which are not reported to the BTS but have a CVE id so we can mark the version as fixed in the security tracker.</li> + <li><a href="uploading.html">Upload</a> your package to the <em>testing-security</em> repository if the migration from unstable would take too long for some reason.</li> + <li>The upload should have <em>urgency=high</em> to ensure a fast migration to testing.</li> + </ul> <h2>As Debian Developer</h2> + <p>As a developer you can do basically the same work as described above for non-Debian developers except a few things</p> + <ul> + <li>Help on doing <a href="http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-nmu">NMUs</a> to unstable for bugs reported to the BTS with security impact. Make it obvious that this an upload by the testing security team, use descriptive changelog entries and mention the CVE ids for the bugs your are fixing.</li> + </ul> + <hr><p>$Id: helping.html 6493 2007-09-04 11:06:04Z nion $</p> <a href="http://validator.w3.org/check?uri=referer"> <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a>
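Review bot: In the "Report vulnerabilities" item the added text still reads "include the CVE id there is already one available"; the "if" is missing, so the instruction about when to cite a CVE id in a BTS report is unclear. Suggest "include the CVE id if there is already one available". The rewritten "Track bugs reported" item also ends at "for this)." without a closing </li>, unlike every other item in these lists, so it is worth closing it while the line is being touched. In the new "As Debian Developer" section, the intro says developers can do the same work "except a few things", but the single list item describes an additional task (NMUs to unstable), not an exception; rewording it to something like "and additionally:" would match the list, and the sentence needs closing punctuation. The same item has two typos: "that this an upload" should be "that this is an upload", and "the bugs your are fixing" should be "the bugs you are fixing". In the maintainer list, the <em>urgency=high</em> item only makes sense for uploads to unstable that migrate to testing, so stating that explicitly would avoid reading it as applying to the <em>testing-security</em> upload in the item just above it.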