[Git][security-tracker-team/security-tracker][master] 3 commits: s-t.d.o/triage: Highlight postponed and ignored in code style

Salvatore Bonaccorso carnil at debian.org
Sat Feb 27 10:29:59 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
58318a8c by Salvatore Bonaccorso at 2021-02-27T11:24:35+01:00
s-t.d.o/triage: Highlight postponed and ignored in code style

- - - - -
a291f4c4 by Salvatore Bonaccorso at 2021-02-27T11:24:57+01:00
Add some http references to explicitly refer to more detailed instructions

- - - - -
07236f75 by Salvatore Bonaccorso at 2021-02-27T11:29:31+01:00
s-t.do/triage: Correct sentence where an item will disappear from

- - - - -


1 changed file:

- doc/security-team.d.o/triage


Changes:

=====================================
doc/security-team.d.o/triage
=====================================
@@ -1,33 +1,31 @@
 Security updates affecting a released Debian suite can fall under three types:
 
 - The security issue(s) are important enough to warrant an out-of-band update released via security.debian.org which gets announced as a DSA.
-  These are getting announced via debian-security-announce and also redistributed via other sources (news feeds etc).
+  These are getting announced via [debian-security-announce](https://www.debian.org/security/) and also redistributed via other sources (news feeds etc).
 
-- Low severity updates can be included in point releases, which are getting released every 2-3 months (any user using the -proposed-updates
+- Low severity updates can be included in [point releases](https://wiki.debian.org/DebianReleases/PointReleases), which are getting released every 2-3 months (any user using the -proposed-updates
   mechanism can also use them before they get released). This provides a good balance between fixing low impact issues before the next stable
   release, which can simply all be installed in one go when a point release happens.
 
 - Some issues are simply not worth fixing in a stable release (for multiple reasons, e.g. because they are mostly a PR hype, or because they
   are mitigated in Debian via a different config or toolchain hardening).
 
-Every incoming security issue gets triaged. Security issues which are being flagged for the second category are being displayed in the
-Debian Package Tracker (tracker.debian.org), in fact you might have been redirected from the PTS to this page.
+Every incoming security issue gets triaged. Security issues which are being flagged for the second category are being displayed in the [Debian Package Tracker](https://tracker.debian.org), in fact you might have been redirected from the PTS to this page.
 
 For every CVE listed there, there are three possible options:
 
-- Prepare an update for the next point release following:
-https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#special-case-uploads-to-the-stable-and-oldstable-distributions
-If you CC team at security.debian.org for the release.debian.org bug, the fixed version will get recorded in the Debian Security Tracker.
+- Prepare an update for the next point release following the developers reference [instructions](https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#special-case-uploads-to-the-stable-and-oldstable-distributions)
+If you CC team at security.debian.org for the release.debian.org bug, the fixed version will get recorded in the [Debian Security Tracker](https://security-tracker.debian.org).
 
 - Some packages have a steady flow of security issues and there's also the option to postpone an update to a later time, in other words
 to get piggybacked onto a future DSA dedicated to a more severe security issue, or held back until a few more low severity issues are known. In the
-Security Tracker these are tracked with the <postponed> state, often this means that a fix has been committed to e.g. a buster branch
+Security Tracker these are tracked with the `<postponed>` state, often this means that a fix has been committed to e.g. a buster branch
 in salsa, but no upload has been made yet. You can either send a mail to team at security.debian.org and we'll update the state, or
-you can also make the change yourself if you're familiar with the Security Tracker.
+you can also make the change yourself if you're familiar with the [Security Tracker](https://security-team.debian.org/security_tracker.html).
 
 - Some packages should rather not be fixed at all, e.g. because the possible benefit does not outweigh the risk/costs of an update,
 or because an update is not possible (e.g. as it would introduce behavioural changes not appropriate for a stable release). In the
-Security Tracker these are tracked with the <ignored> state. You can either send a mail to team at security.debian.org and we'll update
+Security Tracker these are tracked with the `<ignored>` state. You can either send a mail to team at security.debian.org and we'll update
 the state, or you can also make the change yourself if you're familiar with the Security Tracker.
 
-Any of the three actions above will make the CVE ID disappear from the "low severity" entry in the Security Tracker.
+Any of the three actions above will make the CVE ID disappear from the "low severity" entry in the PTS.
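
Review bot: The rewritten "Prepare an update for the next point release" bullet ends on the link with no terminating punctuation, and the unindented "If you CC team at security.debian.org ..." line that follows is folded into the same list paragraph, so the rendered text runs together as "instructions If you CC ...". Add a period after the "[instructions](...)" link, or indent the continuation line the way the first two bullets of the file do. Two consistency points in the same hunk: the "Security Tracker" link is added to the `<postponed>` bullet but the identical closing sentence of the `<ignored>` bullet is left as plain text, and the link text "debian-security-announce" points at the general https://www.debian.org/security/ page rather than at the list itself, so a reader who follows it to subscribe lands one step away from the announcement list.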



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1473508c2080b6dcbc78bc9015854a83c9db7fcc...07236f752173d03e603a7d25ef1672beebdb2a2e
