From a2d202db017bd7182a0880849852ffec0ff9467b Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Fri, 29 Dec 2017 19:16:50 +0000 Subject: Cleanup documentation after move from Alioth to Salsa Reference the git repository and remove the sections referring to git-svn. Replace mentioning of the KGB bot with the salsabot. Signed-off-by: Salvatore Bonaccorso git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@59019 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- doc/security-team.d.o/security_tracker | 68 +++++++++++----------------------- 1 file changed, 21 insertions(+), 47 deletions(-) (limited to 'doc/security-team.d.o') diff --git a/doc/security-team.d.o/security_tracker b/doc/security-team.d.o/security_tracker index 4911eef0b9..e856e3fd27 100644 --- a/doc/security-team.d.o/security_tracker +++ b/doc/security-team.d.o/security_tracker @@ -9,12 +9,12 @@ Everything in the [Debian Security Tracker](https://security-tracker.debian.org/ "[Debian doesn't hide problems](https://www.debian.org/social_contract)" available. The best thing about our tracking *system* is that it is very basic. -There is no overhead of web-based ticket/issue trackers, it's -just a Subversion (SVN) repository and some text files that we -collaboratively edit and then some scripts to parse these files and -generate useful reports available online. Everything is designed to be -very simple to use, transparent and easy to see what other people are -working on so you can work on other things. +There is no overhead of web-based ticket/issue trackers, it's just a Git +repository and some text files that we collaboratively edit and then +some scripts to parse these files and generate useful reports available +online. Everything is designed to be very simple to use, transparent and +easy to see what other people are working on so you can work on other +things. Gentle Introduction ------------------- 
@@ -23,49 +23,22 @@ The following will give you a basic walkthrough of how the files are structured, and how we do our work while tracking issues. The best way to understand is to check out our repository from -Subversion so you have the files on your computer and can follow along +Git so you have the files on your computer and can follow along at home. To do this you just need to do the following: - svn co svn+ssh://@svn.debian.org/svn/secure-testing + git clone --recursive git@salsa.debian.org:security-tracker-team/security-tracker.git This will check out the working repository (given that you already have -an [Alioth account](https://alioth.debian.org/account/register.php) and [public key authentication already set up](https://wiki.debian.org/Alioth/SSH). After successful downloading, -you will have a new directory called `secure-testing`. Inside this directory -are a number of subdirectories. The `data` directory is where we do most of -our work. - -Note that the name of the Subversion repository is historical; -the tracker is not specially related to testing-security, but for Debian -security at large. - -If you don't have an Alioth account, [you can create one](https://alioth.debian.org/account/register.php). You can then join [the team](https://alioth.debian.org/projects/secure-testing) by clicking the [*Request to join* link](https://alioth.debian.org/project/request.php?group_id=30437). +an [Salsa +account](https://wiki.debian.org/Salsa/Doc#Users:_Login_and_Registration). +After successful downloading, you will have a new directory called +`security-tracker`. Inside this directory are a number of +subdirectories. The `data` directory is where we do most of our work. If you don't need write access, you can of course check out our files -without an Alioth account as well: - - svn co svn://anonscm.debian.org/svn/secure-testing - -If you are a Git fan, you can also use git-svn. 
Once you have the -git-svn package installed, you can clone the Subversion repository into -your own local Git repository with: - - git svn clone svn+ssh://@svn.debian.org/svn/secure-testing - -Note that this will take a very long time (expect over two hours) since -every commit from the very beginning (over 12,000 at this point) is -checked out individually and merged into your Git repository. - -### Subversion and git-svn Crash Course - - -The following table lists the most common/useful commands for working -with the secure-testing repository: +without a Salsa account as well: - subversion | git-svn | action - -----------------|-------------------|------------------------------ - `svn update` | `git svn rebase` | sync your local repo from remote secure-testing repo - `svn commit` | `git svn dcommit` | commit your changes to the remote secure-testing repo (note that `git commit -a` only updates your local repo) - `svn diff` | `git diff` | compare your local repo to remote secure-testing repo + git clone --recursive https://salsa.debian.org/security-tracker-team/security-tracker.git The CVE list (`CVE/list`) ------------------------- 
@@ -77,11 +50,12 @@ from [MITRE](glossary.html#mitre), automatically checks that in into `data/CVE/l also syncs that file with other lists like `data/DSA/list` and `data/DTSA/list`. -These automatic commits as well as all Subversion commits are notified via either the [secure-testing-commits mailing list](https://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits), -or via the [KGB IRC bot](https://packages.debian.org/sid/kgb-bot) in the #debian-security channel on the [OFTC IRC network](http://www.oftc.net/). For example, the bot +These automatic commits as well as all git commits are notified via either the [secure-testing-commits mailing list](https://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits), +or via the Irker IRC bot in the #debian-security channel on the [OFTC IRC network](http://www.oftc.net/). For example, the bot could say in the channel: - 17:14 < KGB-0> sectracker r21191 data/CVE/list * automatic update + 17:14 [security-tracker] sectracker role account pushed pushed 1 new commit to master: https://salsa.debian.org/security-tracker-team/security-tracker/compare/37b0fb27...2bf425d5 + 17:14 security-tracker/master 37b0fb27 sectracker role account (1 file): automatic update Most of our work consists of taking new issues that MITRE releases and processing them so that the tracking data is correct. Read on for an @@ -90,7 +64,7 @@ explanation of how we do this. ### Processing `TODO` entries The MITRE update typically manifests in new CVE entries. So what we do -is update our Subversion repository and then edit `data/CVE/list` and look +is update our Git repository and then edit `data/CVE/list` and look for new `TODO` entries. These will often be in blocks of 10-50 or so, depending on how many new issues have been assigned by MITRE. 
@@ -573,7 +547,7 @@ debian-security-tracker@lists.debian.org mailing list. Commits are checked for syntax errors before they are actually committed, and you'll receive an error and your commit is aborted if it is in error. To check your changes yourself beforehand, use `make check-syntax` from -the root of the SVN directory. +the root of the Git directory. Following up on security issues ------------------------------- -- cgit v1.2.3
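Review bot: In the hunk at @@ -23,49 +23,22 @@, the new prerequisite text names only a Salsa account, but the clone command directly above it uses the SSH form `git@salsa.debian.org:...`, and the removed pointer to setting up public key authentication has no replacement. Suggest stating that an SSH key must be set up for the Salsa account, and saying how to get write access to the security-tracker-team group, since the removed "Request to join" paragraph has no Salsa equivalent. Smaller points in the same paragraph: "an [Salsa account]" should read "a Salsa account", the parenthesis opened at "(given that you already have" is never closed, and both clone commands pass `--recursive` without the text saying why it is needed.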
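Review bot: In the hunk at @@ -77,11 +50,12 @@, the rewritten notification sentence still links the secure-testing-commits list at `lists.alioth.debian.org`, which is at odds with a commit whose subject is cleanup after the move away from Alioth. Please confirm that the list still receives the Git commit mails and either update the link or drop the mention. The same hunk names the "Irker IRC bot" while the commit message says the KGB bot is replaced with "the salsabot", so one of the two should be corrected. The sample channel line reads "pushed pushed 1 new commit"; check whether the doubled word is real bot output or a paste error. "all git commits" should be capitalised as "Git" to match the other added lines.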
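Review bot: In the hunk at @@ -90,7 +64,7 @@, "update our Git repository" no longer tells the reader which command to run, because the crash-course table that mapped this step to `svn update` and `git svn rebase` is deleted earlier in this patch with no Git equivalent added. Suggest naming the command here (for example `git pull`) or adding a short Git-only replacement for the removed table, including the commit and push step.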
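Review bot: In the hunk at @@ -573,7 +547,7 @@, "the root of the Git directory" is ambiguous, since "Git directory" can be read as `.git` rather than the checkout. Suggest "the root of the Git working tree" or naming the `security-tracker` directory that the clone step creates. The unchanged context above it still says commits are checked "before they are actually committed" and that "your commit is aborted", which described the Subversion workflow. Please confirm at which point the syntax check now runs (local commit or push) and adjust that sentence in the same cleanup.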