author | Moritz Muehlenhoff <jmm@debian.org> | 2009-10-28 20:24:59 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2009-10-28 20:24:59 +0000 |
commit | fb06b5d2722d3ece434a38d2271fb5384a9c0528 (patch) | |
tree | 7a2a3f91888024ea57dc89e01178e4a26d3a44c1 /doc/narrative_introduction-testing-security | |
parent | 5dc41f459609c6dd3ea12e3968eea0495931cfaf (diff) |
separate introduction between the Debian Security Tracker and
testing-security, it's confusing and we need a clean separation
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@13122 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'doc/narrative_introduction-testing-security')
-rw-r--r-- | doc/narrative_introduction-testing-security | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/doc/narrative_introduction-testing-security b/doc/narrative_introduction-testing-security new file mode 100644 index 0000000000..8a085d3e90 --- /dev/null +++ b/doc/narrative_introduction-testing-security @@ -0,0 +1,23 @@ + A Narrative Introduction to the Testing Security + +Stable security deals with embargoed/vendor-sec issues, we don't, we +deal with issues that have already been assigned CVE numbers (although +we often times request these assignments), have been posted to common +security mailing lists, or are seen in commit logs of software that is +tracked (such as the Linux Kernel). + +It is our philosophy that if the Internet knows that there is a +vulnerability in something, then we better know about it and the +package maintainer needs to know about it and it needs to be fixed as +soon as possible. It doesn't make sense to hide issues that everyone +knows about already, in fact users have told us that they prefer to +know not only when a package they have installed is vulnerable (so +they can disable it or firewall it off, or patch it or whatever), but +to also know that Debian is working on a fix. Transparency is what our +users expect, and what they deserve. Tracking publicly known issues +openly (and the occasional unfortunate embargoed issue privately) is +good for the project as a whole, especially the public's perception of +the project. + +TODO: +document DTSAs |
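Review bot: The first paragraph of the new file says of embargoed/vendor-sec issues that "we don't" deal with them, but the last sentence of the second paragraph mentions tracking "the occasional unfortunate embargoed issue privately"; the two statements should be reconciled, for example by wording the first as "we normally don't". The title line "A Narrative Introduction to the Testing Security" also reads as if its final noun is missing, and the closing "TODO: document DTSAs" uses an abbreviation that is not expanded anywhere in the file, so it is worth spelling it out where it first appears.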