[Secure-testing-commits] r3032 - doc
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Wed Dec 14 09:22:04 UTC 2005
Author: jmm-guest
Date: 2005-12-14 09:22:04 +0000 (Wed, 14 Dec 2005)
New Revision: 3032
Modified:
doc/narrative_introduction
Log:
document the security tracker; Florian please fix
eventual mistakes
Modified: doc/narrative_introduction
===================================================================
--- doc/narrative_introduction 2005-12-14 09:14:19 UTC (rev 3031)
+++ doc/narrative_introduction 2005-12-14 09:22:04 UTC (rev 3032)
@@ -302,14 +302,40 @@
that tracks, when a fix has reached testing relative to the time when it hit
stable.
-TODO
-----
-Document Florian's tracker
-There is a more detailed tracker that is still under development, but
-provides a lot more views into this information, its here:
+The security bug tracker
+------------------------
+There is a more detailed tracker that provides a lot more views into this
+information, its here:
http://idssi.enyo.de/tracker/
+It incorporates package lists and parses distribution lists and can
+thus be used to
+- Present the security history of a package
+- Provide overviews of vulnerable packages in stable, testing, sid and
+ soon oldstable (it still has some false positives, wrt packages in
+ stable that are present in stable, but not vulnerable, but these
+ will be ironed out soon)
+- Generate a list of packages that are subject to security problems, but
+ stuck in testing migration due to problems with the dependency chain
+ and thus candidates for a DTSA
+- Generate a list of TODO issues that need to be adressed
+- Generate a list of packages that will enter Debian soon and need to
+ be checked for security problems
+- Generate a list of provisional IDs that need to be turned into proper
+ CVE entries
+- Show some potential problems in the data pool (e.g. misspelled package
+ names not found in the packages list, or potentially missing epochs)
+For every security problem it displays
+- The CVE information
+- A severity assessment by NVD
+- Cross references to DTSAs, DSAs and bugs in the BTS
+- The status of a security problem in stable, oldstable, testing and sid
+- Additional notes from our tracker
+
+The only downside is that it's currently not updated automatically, but
+only manually every few days, but that's going to be adressed soon.
+
Following up on security issues
-------------------------------
By simply loading this page and doing a little gardening of the
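Review bot: the parenthetical in the "Provide overviews of vulnerable packages" bullet says "packages in stable that are present in stable, but not vulnerable", which is circular and does not tell the reader which entries to treat as false positives. Please reword it to say what actually triggers the false report. The closing paragraph says the data is only refreshed manually every few days, so it would help to state next to the list of views that a package's status can lag by that interval; someone reading the stable/testing status might otherwise take it as current. Smaller points: "its here" (carried over from the old text) should be "it's here", and "adressed" should be "addressed" in both the TODO bullet and the last paragraph.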
@@ -334,3 +360,5 @@
TODO:
document DTSAs
document tsck
+document CVE-XXXX
+document tracked tag
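Review bot: the two new TODO entries, "document CVE-XXXX" and "document tracked tag", are too terse for anyone but the author to pick up. It is not clear whether "CVE-XXXX" means the provisional IDs mentioned in the new tracker section or something else, nor where the "tracked" tag is set. A few words on each line naming the thing to be documented would make the list actionable.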