author: Moritz Muehlenhoff <jmm@debian.org> 2005-12-14 09:22:04 +0000
committer: Moritz Muehlenhoff <jmm@debian.org> 2005-12-14 09:22:04 +0000
commit: 594da6e422071836c313c59023f6d71c0c017e75
tree: b195095b415c5d64ba6ec04850d51a31f276281f /doc/narrative_introduction
parent: a2a5a9e82ef1909894ac64f9c071de33fa0b99ad
document the security tracker; Florian please fix eventual mistakes

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3032 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'doc/narrative_introduction')
-rw-r--r-- doc/narrative_introduction 38
1 files changed, 33 insertions, 5 deletions
diff --git a/doc/narrative_introduction b/doc/narrative_introduction
index a19dfc064f..ba58617dd1 100644
--- a/doc/narrative_introduction
+++ b/doc/narrative_introduction
@@ -302,13 +302,39 @@ You may add NOTE: entries freely, we use a NOTE entry for statistical purposes
that tracks, when a fix has reached testing relative to the time when it hit
stable.
-TODO
-----
-Document Florian's tracker
-There is a more detailed tracker that is still under development, but
-provides a lot more views into this information, its here:
+The security bug tracker
+------------------------
+There is a more detailed tracker that provides a lot more views into this
+information, its here:
http://idssi.enyo.de/tracker/
+It incorporates package lists and parses distribution lists and can
+thus be used to
+- Present the security history of a package
+- Provide overviews of vulnerable packages in stable, testing, sid and
+ soon oldstable (it still has some false positives, wrt packages in
+ stable that are present in stable, but not vulnerable, but these
+ will be ironed out soon)
+- Generate a list of packages that are subject to security problems, but
+ stuck in testing migration due to problems with the dependency chain
+ and thus candidates for a DTSA
+- Generate a list of TODO issues that need to be adressed
+- Generate a list of packages that will enter Debian soon and need to
+ be checked for security problems
+- Generate a list of provisional IDs that need to be turned into proper
+ CVE entries
+- Show some potential problems in the data pool (e.g. misspelled package
+ names not found in the packages list, or potentially missing epochs)
+
+For every security problem it displays
+- The CVE information
+- A severity assessment by NVD
+- Cross references to DTSAs, DSAs and bugs in the BTS
+- The status of a security problem in stable, oldstable, testing and sid
+- Additional notes from our tracker
+
+The only downside is that it's currently not updated automatically, but
+only manually every few days, but that's going to be adressed soon.
Following up on security issues
-------------------------------
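Review bot: In the second added bullet, the caveat "wrt packages in stable that are present in stable, but not vulnerable" repeats "in stable" and leaves unclear which packages are wrongly flagged; reword it along the lines of "packages that are present in stable but not vulnerable are sometimes listed". The closing paragraph says the tracker is only updated manually every few days, so the text should warn readers that the per-release status it shows may be several days behind. Smaller points: "its here" should be "it's here", "adressed" is misspelled in both the TODO bullet and the last paragraph, and the repeated "soon" promises will date quickly in a narrative document.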
@@ -334,3 +360,5 @@ helps!)
TODO:
document DTSAs
document tsck
+document CVE-XXXX
+document tracked tag
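Review bot: The two added TODO items, "document CVE-XXXX" and "document tracked tag", are too terse for anyone other than the author to pick up. State what each refers to, for example whether "CVE-XXXX" means the provisional IDs mentioned in the new tracker section, and what the "tracked" tag marks.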
