[Secure-testing-commits] r4589 - doc

Joey Hess joeyh at costa.debian.org
Thu Aug 17 20:50:24 UTC 2006


Author: joeyh
Date: 2006-08-17 20:50:19 +0000 (Thu, 17 Aug 2006)
New Revision: 4589

Modified:
   doc/narrative_introduction
Log:
update for tracker changes


Modified: doc/narrative_introduction
===================================================================
--- doc/narrative_introduction	2006-08-17 14:05:56 UTC (rev 4588)
+++ doc/narrative_introduction	2006-08-17 20:50:19 UTC (rev 4589)
@@ -265,27 +265,35 @@
 -----------------
 All of this tracking information gets automatically parsed and
 compared against madison to determine what has been fixed and what is
-still waiting, this results in this page:
+still waiting, this results in this website:
 
-http://spohr.debian.org/~joeyh/testing-security.html
+http://security-tracker.debian.net/
 
-This page tells us a number of things, for example:
+It incorporates package lists and parses distribution lists and can
+thus be used to
+- Present the security history of a package
+- Provide overviews of vulnerable packages in stable, testing, sid and
+  oldstable (it still has some false positives, wrt packages in
+  stable that are present in stable, but not vulnerable, but these
+  will be ironed out soon). The oldstable data is likely inaccurate.
+- Generate a list of packages that are subject to security problems, but
+  stuck in testing migration due to problems with the dependency chain
+  and thus candidates for a DTSA
+- Generate a list of TODO issues that need to be adressed
+- Generate a list of packages that will enter Debian soon and need to
+  be checked for security problems
+- Generate a list of provisional IDs that need to be turned into proper
+  CVE entries
+- Show some potential problems in the data pool (e.g. misspelled package
+  names not found in the packages list, or potentially missing epochs)
 
-abiword 2.2.10-1 needed, have 2.2.7-3 for CAN-2005-2964
+For every security problem it displays
+- The CVE information
+- A severity assessment by NVD
+- Cross references to DTSAs, DSAs and bugs in the BTS
+- The status of a security problem in stable, oldstable, testing and sid
+- Additional notes from our tracker
 
-This tells us that we know that this fix has been applied in debian
-package version 2.2.10-1, but testing only has 2.2.7-3. It has links to
-the reason why this hasn't entered testing yet, as well as the CAN
-reference at Mitre (given different background colors according to the
-severity). The ones with bugs have links directly to the bugs that have
-been filed. Additionally cross-references for DSAs are generated.
-
-At the bottom is a legend detailing the severity levels, the number of
-unfixed holes currently in testing, the number of holes that have been
-fixed in unstable that haven't migrated to testing, and the number of
-TODO items that we have to process still.
-
-
 The DSA list
 ------------
 We maintain a list of all DSA advisories issued by the stable security
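Review bot: The added bullets carry over two wording defects from the section they were moved from, and this is a good moment to fix them. In the overview bullet, "wrt packages in stable that are present in stable, but not vulnerable" repeats "in stable" and leaves unclear what the false positives are. In the TODO bullet, "adressed" should be "addressed". Separately, the lead-in "still waiting, this results in this website:" is a comma splice, and the removed "abiword 2.2.10-1 needed, have 2.2.7-3 for CAN-2005-2964" walkthrough was the only concrete example of tracker output in this part of the document. Consider keeping one short example of what an entry looks like on the new site.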
@@ -319,37 +327,6 @@
 DSA entry once the official DSA is published on the web.  You should
 not blindly trust the script output and double-check it, though.
 
-The security bug tracker
-------------------------
-There is a more detailed tracker that provides a lot more views into this
-information, its here:  
-http://idssi.enyo.de/tracker/
-
-It incorporates package lists and parses distribution lists and can
-thus be used to
-- Present the security history of a package
-- Provide overviews of vulnerable packages in stable, testing, sid and
-  oldstable (it still has some false positives, wrt packages in
-  stable that are present in stable, but not vulnerable, but these
-  will be ironed out soon). The oldstable data is likely inaccurate.
-- Generate a list of packages that are subject to security problems, but
-  stuck in testing migration due to problems with the dependency chain
-  and thus candidates for a DTSA
-- Generate a list of TODO issues that need to be adressed
-- Generate a list of packages that will enter Debian soon and need to
-  be checked for security problems
-- Generate a list of provisional IDs that need to be turned into proper
-  CVE entries
-- Show some potential problems in the data pool (e.g. misspelled package
-  names not found in the packages list, or potentially missing epochs)
-
-For every security problem it displays
-- The CVE information
-- A severity assessment by NVD
-- Cross references to DTSAs, DSAs and bugs in the BTS
-- The status of a security problem in stable, oldstable, testing and sid
-- Additional notes from our tracker
-
 Following up on security issues
 -------------------------------
 By simply loading this page and doing a little gardening of the
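Review bot: The trailing context line "By simply loading this page and doing a little gardening of the" may no longer have a clear referent. With "The security bug tracker" section removed, that sentence now directly follows the DSA list text about double-checking script output, and the earlier hunk changed "this page" to "this website". Suggest naming the tracker explicitly there (the http://security-tracker.debian.net/ URL introduced above), so the follow-up instructions do not depend on section order. The old http://idssi.enyo.de/tracker/ URL is dropped here without a pointer, so it is also worth checking that no other part of the document still refers to it.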



