[Secure-testing-team] DTSA advisory format

Joey Hess joeyh at debian.org
Sun Aug 28 19:41:41 UTC 2005


Moritz Muehlenhoff wrote:
> dtsa -u is only used for updating DTSA that have already been published,
> i.e. for cases where DTSA-X-2 would become necessary. This isn't implemented
> yet, I'm currently working on it.
> To generate the template right now please use "dtsa -a 1".

Ok, calling that "announce" is misleading, since it does not really post
the announcement. Also, dtsa doesn't right-align the url and author at
the top of the template, and it should add new items to the top of the
list file, not to the end. Oh and you put the wrong date in the list, in
case you didn't notice. :-)

> To bring the rest of the rest in the loop; I'm thinking of the following
> work flow:
> 
> 1. Someone is working on a vulnerability in package foo. He checks the
> highest currently unused DTSA number and commits an initial .adv file
> into SVN. (can be automated with a little shell script that extracts the
> highest number and performs the checkin)
> This is the equivalent of the "claimed" markers for data/CAN/list.

This is ok as long as we don't mind possibly announcing DTSAs in
non-numerical order as later ones get finished before earlier ones.

-- 
see shy jo