On TODO: check

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@25370 e39458fd-73e7-0310-bf30-c45bca0a0e42
author: Luciano Bello <luciano@debian.org> 2014-01-26 15:56:14 +0000
committer: Luciano Bello <luciano@debian.org> 2014-01-26 15:56:14 +0000
commit: c735355cf64607f5143008f55f5f4118d7827341 (patch)
tree: 171b34c67235bc9160ae9a871411f0da25623e8d /doc/narrative_introduction
parent: c2c6e833b3013efe0ac6fe25ba15e42cd3ec9c13 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/doc/narrative_introduction b/doc/narrative_introduction
index 248885582f..0f84e4742f 100644
--- a/doc/narrative_introduction
+++ b/doc/narrative_introduction
@@ -391,6 +391,15 @@ CVE-2005-3990 (Directory traversal vulnerability in FastJar 0.93
 allows remote ...)
 	TODO: check, whether fastjar from the gcc source packages is affected
 
+If you are not sure about some decision (e.g. which package is affected) or
+classification (e.g. bug severity) you can leave a TODO note for reviewing, 
+explaining which aspect have to be reviewed. For example:
+
+CVE-2013-7295 (Tor before 0.2.4.20, when OpenSSL 1.x is used in ...)
+    - tor 0.2.4.20-1 (low)
+    [wheezy] - tor <no-dsa> (Minor issue)
+    TODO: review, severity. The exploitation scenario is too complicated.
+
 It is also useful to add information to issues as you find it, so that
 when others go to look at an issue and want to know why you marked it
 as you did, or need a reference, it will be there. The more
author	Luciano Bello <luciano@debian.org>	2014-01-26 15:56:14 +0000
committer	Luciano Bello <luciano@debian.org>	2014-01-26 15:56:14 +0000
commit	c735355cf64607f5143008f55f5f4118d7827341 (patch)
tree	171b34c67235bc9160ae9a871411f0da25623e8d /doc/narrative_introduction
parent	c2c6e833b3013efe0ac6fe25ba15e42cd3ec9c13 (diff)