[Secure-testing-commits] r3030 - doc

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Dec 14 09:08:45 UTC 2005


Author: jmm-guest
Date: 2005-12-14 09:08:44 +0000 (Wed, 14 Dec 2005)
New Revision: 3030

Modified:
   doc/narrative_introduction
Log:
document DSA/list and curly cross-refs


Modified: doc/narrative_introduction
===================================================================
--- doc/narrative_introduction	2005-12-14 09:00:25 UTC (rev 3029)
+++ doc/narrative_introduction	2005-12-14 09:08:44 UTC (rev 3030)
@@ -275,6 +275,33 @@
 fixed in unstable that haven't migrated to testing, and the number of
 TODO items that we have to process still.
 
+
+The DSA list
+------------
+We maintain a list of all DSA advisories issued by the stable security
+team. This information is used to derive information about the state
+of security problems for the stable and oldstable distribution. An
+entry for a DSA looks like this:
+
+[21 Nov 2005] DSA-903-1 unzip - race condition
+        {CVE-2005-2475}
+        [woody] - unzip 5.50-1woody4
+        [sarge] - unzip 5.52-1sarge2
+        NOTE: fixed in testing at time of DSA
+
+The first line tracks the date, when a DSA was issued, the DSA identifier,
+the affected source package and the type of vulnerability.
+The second line performs a cross-reference to the entry in CVE/list that
+maintains the state of the vulnerability in sid. Every entry that is
+added like this to DSA/list is parsed by a script and automatically added
+to CVE/list, so there's no need to add references to the CVE list manually
+(although you could).
+The next lines contain the fixes for stable and optionally oldstable, addressed
+with distribution tags.
+You may add NOTE: entries freely, we use a NOTE entry for statistical purposes
+that tracks, when a fix has reached testing relative to the time when it hit
+stable.
+
 TODO
 ----
 Document Florian's tracker
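Review bot: The paragraph describing the second line of the entry says DSA/list entries are "parsed by a script and automatically added to CVE/list" without naming the script or saying when it runs, so a reader cannot tell where to look when the cross-reference does not show up; name the script here. The entry format is also only shown by example: the text does not say that [woody] and [sarge] are the oldstable and stable tags, or whether several CVE ids may share one pair of braces. And since NOTE entries "may be added freely" while one NOTE feeds the statistics, state whether the wording "fixed in testing at time of DSA" has to match exactly.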
@@ -305,7 +332,5 @@
 
 
 TODO:
-document {} cross refs
-document DSA/list
 document DTSAs
 document tsck
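Review bot: Dropping "document {} cross refs" from this TODO looks premature, because the added section explains the braces only as the second line of a DSA/list entry and never describes the {} syntax on its own. Either add a short general description of the cross-reference syntax or keep the item with narrower wording. The file also now carries two TODO lists (the "TODO" section with "Document Florian's tracker" and this trailing "TODO:"); merging them would keep the open items in one place.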



