[Secure-testing-commits] r59019 - doc/security-team.d.o
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Dec 29 19:16:50 UTC 2017
Author: carnil
Date: 2017-12-29 19:16:50 +0000 (Fri, 29 Dec 2017)
New Revision: 59019
Modified:
doc/security-team.d.o/security_tracker
Log:
Cleanup documentation after move from Alioth to Salsa
Reference the git repository and remove the sections referring to
git-svn.
Replace mentioning of the KGB bot with the salsabot.
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
Modified: doc/security-team.d.o/security_tracker
===================================================================
--- doc/security-team.d.o/security_tracker 2017-12-29 19:16:47 UTC (rev 59018)
+++ doc/security-team.d.o/security_tracker 2017-12-29 19:16:50 UTC (rev 59019)
@@ -9,12 +9,12 @@
"[Debian doesn't hide problems](https://www.debian.org/social_contract)" available.
The best thing about our tracking *system* is that it is very basic.
-There is no overhead of web-based ticket/issue trackers, it's
-just a Subversion (SVN) repository and some text files that we
-collaboratively edit and then some scripts to parse these files and
-generate useful reports available online. Everything is designed to be
-very simple to use, transparent and easy to see what other people are
-working on so you can work on other things.
+There is no overhead of web-based ticket/issue trackers, it's just a Git
+repository and some text files that we collaboratively edit and then
+some scripts to parse these files and generate useful reports available
+online. Everything is designed to be very simple to use, transparent and
+easy to see what other people are working on so you can work on other
+things.
Gentle Introduction
-------------------
@@ -23,50 +23,23 @@
structured, and how we do our work while tracking issues.
The best way to understand is to check out our repository from
-Subversion so you have the files on your computer and can follow along
+Git so you have the files on your computer and can follow along
at home. To do this you just need to do the following:
- svn co svn+ssh://<alioth user name>@svn.debian.org/svn/secure-testing
+ git clone --recursive git at salsa.debian.org:security-tracker-team/security-tracker.git
This will check out the working repository (given that you already have
-an [Alioth account](https://alioth.debian.org/account/register.php) and [public key authentication already set up](https://wiki.debian.org/Alioth/SSH). After successful downloading,
-you will have a new directory called `secure-testing`. Inside this directory
-are a number of subdirectories. The `data` directory is where we do most of
-our work.
+an [Salsa
+account](https://wiki.debian.org/Salsa/Doc#Users:_Login_and_Registration).
+After successful downloading, you will have a new directory called
+`security-tracker`. Inside this directory are a number of
+subdirectories. The `data` directory is where we do most of our work.
-Note that the name of the Subversion repository is historical;
-the tracker is not specially related to testing-security, but for Debian
-security at large.
-
-If you don't have an Alioth account, [you can create one](https://alioth.debian.org/account/register.php). You can then join [the team](https://alioth.debian.org/projects/secure-testing) by clicking the [*Request to join* link](https://alioth.debian.org/project/request.php?group_id=30437).
-
If you don't need write access, you can of course check out our files
-without an Alioth account as well:
+without a Salsa account as well:
- svn co svn://anonscm.debian.org/svn/secure-testing
+ git clone --recursive https://salsa.debian.org/security-tracker-team/security-tracker.git
-If you are a Git fan, you can also use git-svn. Once you have the
-git-svn package installed, you can clone the Subversion repository into
-your own local Git repository with:
-
- git svn clone svn+ssh://<alioth user name>@svn.debian.org/svn/secure-testing
-
-Note that this will take a very long time (expect over two hours) since
-every commit from the very beginning (over 12,000 at this point) is
-checked out individually and merged into your Git repository.
-
-### Subversion and git-svn Crash Course
-
-
-The following table lists the most common/useful commands for working
-with the secure-testing repository:
-
- subversion | git-svn | action
- -----------------|-------------------|------------------------------
- `svn update` | `git svn rebase` | sync your local repo from remote secure-testing repo
- `svn commit` | `git svn dcommit` | commit your changes to the remote secure-testing repo (note that `git commit -a` only updates your local repo)
- `svn diff` | `git diff` | compare your local repo to remote secure-testing repo
-
The CVE list (`CVE/list`)
-------------------------
@@ -77,11 +50,12 @@
also syncs that file with other lists like `data/DSA/list` and
`data/DTSA/list`.
-These automatic commits as well as all Subversion commits are notified via either the [secure-testing-commits mailing list](https://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits),
-or via the [KGB IRC bot](https://packages.debian.org/sid/kgb-bot) in the #debian-security channel on the [OFTC IRC network](http://www.oftc.net/). For example, the bot
+These automatic commits as well as all git commits are notified via either the [secure-testing-commits mailing list](https://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits),
+or via the Irker IRC bot in the #debian-security channel on the [OFTC IRC network](http://www.oftc.net/). For example, the bot
could say in the channel:
- 17:14 < KGB-0> sectracker r21191 data/CVE/list * automatic update
+ 17:14 <salsabot> [security-tracker] sectracker role account pushed pushed 1 new commit to master: https://salsa.debian.org/security-tracker-team/security-tracker/compare/37b0fb27...2bf425d5
+ 17:14 <salsabot> security-tracker/master 37b0fb27 sectracker role account (1 file): automatic update
Most of our work consists of taking new issues that MITRE releases and
processing them so that the tracking data is correct. Read on for an
@@ -90,7 +64,7 @@
### Processing `TODO` entries
The MITRE update typically manifests in new CVE entries. So what we do
-is update our Subversion repository and then edit `data/CVE/list` and look
+is update our Git repository and then edit `data/CVE/list` and look
for new `TODO` entries. These will often be in blocks of 10-50 or so,
depending on how many new issues have been assigned by MITRE.
@@ -573,7 +547,7 @@
Commits are checked for syntax errors before they are actually committed,
and you'll receive an error and your commit is aborted if it is in error.
To check your changes yourself beforehand, use `make check-syntax` from
-the root of the SVN directory.
+the root of the Git directory.
Following up on security issues
-------------------------------
More information about the Secure-testing-commits
mailing list