From 36416a99df9b3242beaf4f55db34b0aec0820bdc Mon Sep 17 00:00:00 2001 From: Michael Gilbert Date: Wed, 27 Jul 2011 03:31:18 +0000 Subject: fix up some recent wording changes in the narrative doc git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@17008 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- doc/narrative_introduction | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) (limited to 'doc/narrative_introduction') diff --git a/doc/narrative_introduction b/doc/narrative_introduction index 7b3409a12f..505dee6419 100644 --- a/doc/narrative_introduction +++ b/doc/narrative_introduction @@ -158,22 +158,20 @@ set up an unstable chroot: http://www.debian.org/doc/manuals/reference/ch09#_chroot_system http://wiki.debian.org/Debootstrap -ITP/RFP packages ----------------- +Issues in ITP and/or RFP packages +--------------------------------- -If it is a package that someone has filed an RFP or ITP for, then that -is also noted, so it can be tracked to make sure that the issue is -resolved before the package enters the archive. ITPs are marked with -, while RFPs are simply mentioned in a NOTE: +If an issue is discovered in a package that has an RFP or ITP already filed, +then that is also noted in order to track the problem, and make sure it is +resolved before the package enters the archive. These issues are marked with +the tag. Note this includes both ITPs and RFPs since (from a security +tracking standpoint) there is no advantage in tracking them in separate ways. +An example entry for an ITP/RFP package is: CVE-2004-2525 (Cross-site scripting (XSS) vulnerability in compat.php in Serendipity ...) - serendipity (bug #312413) -CVE-2008-0851 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 ...) - NOT-FOR-US: Dokeos - NOTE: there is an RFP for Dokeos #433352 - Reserved entries ---------------- @@ -473,9 +471,9 @@ Checking in your changes After thoroughly researching each issue (as described above) and editing the relevant files, commit your changes. Peer review is done via the mailing list and IRC notifications (see "Automatic Issue Updates" above). -However, changes to the tracker website itself (e.g. the files in bin/) -should be vetted and approved before being committed. The preferred way -to do this is to send a patch to the +However, changes to the tracker website itself (e.g. the files in lib/* +and bin/tracker_service.py) should be vetted and approved before being +committed. The preferred way to do this is to send a patch to: debian-security-tracker@lists.debian.org mailing list. Commits are checked for syntax errors before they are actually committed, -- cgit v1.2.3