Author: thijs Date: 2008-03-25 19:39:39 +0000 (Tue, 25 Mar 2008) New Revision: 8409 Modified: doc/narrative_introduction Log: small fixes Modified: doc/narrative_introduction ==================================================================--- doc/narrative_introduction 2008-03-25 16:57:23 UTC (rev 8408) +++ doc/narrative_introduction 2008-03-25 19:39:39 UTC (rev 8409) @@ -68,15 +68,18 @@ Automatic Issue Updates ----------------------- Twice a day a cronjob runs that pulls down the latest full CVE lists -from Mitre, this automatically gets checked into data/CVE/list. We get -notified via either email +from Mitre, this automatically gets checked into data/CVE/list, and +also syncs that file with other lists like data/DSA/list and +data/DTSA/list. + +We get notified via either email (http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits) of every SVN commit, by RSS feed (http://svn.debian.org/wsvn/secure-testing/?op=rss&rev=0&sc=0&isdir=1) or via the CIA bot on #debian-security on OFTC. For example, the bot will say in the channel: -17:14 < CIA-1> joeyh * r2314 /data/CVE/list: automatic CAN database update +17:14 < CIA-1> joeyh * r2314 /data/CVE/list: automatic update Most of our work is taking the new issues that Mitre releases and processing them so that the tracking data is correct. Read on for how we @@ -192,8 +195,8 @@ not yet added to our tracker: http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=security;users=debian-security at lists.debian.org;exclude=tracked -A special exception is made for kernel related issues. The kernel-sec group will take -care of them and file bugs if needed. +A special exception is made for kernel related issues. The kernel-sec +group will take care of them and file bugs if needed. If a vulnerability does not affect Debian, e.g. because the vulnerable code is not contained, it is marked as <not-affected>: @@ -367,8 +370,8 @@ is a ''no-dsa'' or ''not-affected'' condition. The bin/dsa2list script can be used to generate a template for a new -DSA entry once the official DSA is published on the web. You should -not blindly trust the script output and double-check it, though. +DSA entry once the official DSA is published on debian-security-announce. +You should not blindly trust the script output and double-check it, though. Checking your changes ---------------------