author | Michael Gilbert <michael.s.gilbert@gmail.com> | 2011-07-28 05:08:01 +0000 |
---|---|---|
committer | Michael Gilbert <michael.s.gilbert@gmail.com> | 2011-07-28 05:08:01 +0000 |
commit | 27bce43fc13e4bd188e9dd7bb4ff5e81d2139466 (patch) | |
tree | 8cb64e8bbca32b7663c499ac70cf30f1d9dd764f /doc/narrative_introduction | |
parent | 757cf8f3d04563b332da024e2810c90eb5d1ccd1 (diff) |
document <undetermined>
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@17015 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'doc/narrative_introduction')
-rw-r--r-- | doc/narrative_introduction | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/doc/narrative_introduction b/doc/narrative_introduction index 505dee6419..43fa9bbeae 100644 --- a/doc/narrative_introduction +++ b/doc/narrative_introduction 
@@ -158,6 +158,41 @@ set up an unstable chroot: http://www.debian.org/doc/manuals/reference/ch09#_chroot_system http://wiki.debian.org/Debootstrap +Undetermined Tags +----------------- + +If you don't have time to fully research an issue, but it is abundantly +clear (via CVE text or other announcement) that the issue affects a +particular package or set of packages, the <undetermined> tag can be +used. This has the advantage of entering the issue earlier in the +output of debsecan and on the pts pages, which is useful for the small +set of proactive maintainers paying attention to these information +sources. Getting the maintainer involved hopefully prompts fastera +fixes. This also allows enables tracking of multiple packages, some +of which may already be fixed. + +<undetermined> can also be used when there simply is not enough +information disclosed in the existing known references about the +issue. Essentially, <undetermined> indicates that someone needs +to come back and revisit the issue. An example undetermined +entry is: + +CVE-2011-2351 (Use-after-free vulnerability in Google Chrome before 12.0.742.112 ...) + - chromium-browser 12.0.742.112~r90304-1 + - webkit <undetermined> + NOTE: webkit commit #123456 + +The list of all of currently undetermined issues is aggregated at: +http://security-tracker.debian.org/tracker/status/undetermined + +This is a good place for new contributors to get started since these +are issues that can be pruned quickly for new information that may +not have been known during the initial disclosure, and thus marked +<unfixed> for further work or closed with a version number. Please +add notes if you do change an undetermined issue to unfixed (unless +you're also fixing the issue in the process, which is of course the +ideal way to help/contribute). + Issues in ITP and/or RFP packages --------------------------------- |
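Review bot: The first added paragraph has two wording errors to fix before this goes into doc/narrative_introduction: "fastera fixes" should read "faster fixes", and "This also allows enables tracking" carries two verbs, so keep one ("This also enables tracking of multiple packages"). Further down, "The list of all of currently undetermined issues" has a stray "of". In the example entry, "NOTE: webkit commit #123456" reads like a placeholder rather than a real reference; either cite an actual commit or state in the surrounding text that the note is illustrative, so contributors do not take it as a model for notes that cannot be verified. The closing paragraph asks for notes when an issue moves from <undetermined> to <unfixed> but does not say what the note should record; one sentence naming the expected content (for instance, the reference that settled the status) would make the request actionable.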