Re: security/faq.wml: LoQ
On Wed, Jan 16, 2002 at 04:26:33PM +1100, Craig Small wrote:
> On Wed, Jan 16, 2002 at 12:45:55AM +0100, Denis Barbier wrote:
> > here is a patch to add list of questions at the top of page.
> > If you like it, I could provide a more generic solution for automatic ToC.
> > If you don't, just forget about it ;)
>
> /me looks around
> Forgot to attach it?
Indeed, here it is.
Denis
Index: faq.wml
===================================================================
RCS file: /cvs/webwml/webwml/english/security/faq.wml,v
retrieving revision 1.11
diff -u -r1.11 faq.wml
--- faq.wml 2002/01/15 14:19:59 1.11
+++ faq.wml 2002/01/15 23:33:23
@@ -1,10 +1,29 @@
#use wml::debian::template title="Debian security FAQ"
# $Id: faq.wml,v 1.11 2002/01/15 14:19:59 joey Exp $
+<define-tag-sliced faq-title-question endtag="required" whitespace="delete">
+ [EN:<p><em>Q: %body</em></p>:]
+</define-tag-sliced>
+
+<set-var faq:_cnt=0 />
+<define-tag faq-question endtag="required">
+<increment faq:_cnt />
+<p><a name="<get-var faq:_cnt/>"></a>\
+ <em><faq-title-question>%body</faq-title-question></em></p>
+{#ToC_questions#:<li><a href="#<get-var faq:_cnt/>">%body</a></li>
+:##}
+</define-tag>
+
<p>We receive the following questions a bit too often these days, so
their answers are summarized here.</p>
-<p><em>Q: The signature on your advisories does not verify correctly!</em></p>
+<ul>
+{#ToC_questions#}
+</ul>
+
+<faq-question>
+ The signature on your advisories does not verify correctly!
+</faq-question>
<p>A: This is most likely a problem on your end. The
<a href="http://lists.debian.org/debian-security-announce/";>\
debian-security-announce</a>
@@ -18,7 +37,9 @@
<p>Known culprits are fetchmail (with the mimedecode option enabled) and
formail (from procmail 3.14 only).</p>
-<p><em>Q: How is security handled in Debian?</em></p>
+<faq-question>
+ How is security handled in Debian?
+</faq-question>
<p>A: Once the security team receives a notification of an incident,
one or more members review it and consider its impact on the stable
release of Debian (i.e. if it's vulnerable or not).
@@ -28,9 +49,11 @@
new packages are prepared, which are then compiled on all stable
architectures and uploaded afterwards. After all of that is done,
an advisory is published.</p>
-
-<p><em>Q: What is the policy for a fixed package to appear in security.debian.org?</em>
+<faq-question>
+ What is the policy for a fixed package to appear in
+ security.debian.org?
+</faq-question>
<p>A: Security breakage in the stable distribution warrants a package
on security.debian.org. Anything else does not. The size of a
breakage is not the real problem here. Usually the Security Team
@@ -40,8 +63,10 @@
very trivial security problem fixes will make it to
security.debian.org.</p>
-<p><em>Q: The version number for a package indicates that I am still running
- a vulnerable version!</em>
+<faq-question>
+ The version number for a package indicates that I am still running
+ a vulnerable version!
+</faq-question>
<p>A: Instead of upgrading to a new release we backport security fixes to
the version that was shipped in the stable release. The reason we do
this is to make sure that a release changes as little as possible
@@ -51,19 +76,25 @@
exact version number with the version indicated in the Debian
Security Advisory.</p>
-<p><em>Q: How is security handled for <tt>testing</tt> and <tt>unstable</tt>?</em></p>
+<faq-question>
+ How is security handled for <tt>testing</tt> and <tt>unstable</tt>?
+</faq-question>
<p>A: The short answer is: it's not. Testing and unstable are rapidly moving
targets and the security team does not have the resources needed to
properly support those. If you want to have a secure (and stable) server
you are strongly encouraged to stay with stable.</p>
-<p><em>Q: Why are there no official mirrors for security.debian.org?</em></p>
+<faq-question>
+ Why are there no official mirrors for security.debian.org?
+</faq-question>
<p>A: The purpose of security.debian.org is to make security updates available
as quickly and easily as possible. Mirrors would add extra complexity
that is not needed and can cause frustration if they are not up to
date.</p>
-<p><em>Q: I've seen DSA 100 and DSA 102, now where is DSA 101?</em></p>
+<faq-question>
+ I've seen DSA 100 and DSA 102, now where is DSA 101?
+</faq-question>
<p>A: Several vendors (mostly of GNU/Linux, but also of BSD
deriviates) coordinate security advisories for some incidents and
agree to a particular timeline so that all vendors are able to
@@ -76,21 +107,27 @@
advisory could be released, and hence temporarily leaving out one or
more advisories by number.
-<p><em>Q: How can I reach the security team?</em></p>
+<faq-question>
+ How can I reach the security team?
+</faq-question>
<p>A: Security information can be sent to security@debian.org, which is read
by all Debian developers. If you have sensitive information please
use team@security.debian.org which only the members of the security
team read. If desired email can be encrypted with the Debian Security
Contact key (key ID 363CCD95).</p>
-<p><em>Q: How can I help with security?</em></p>
+<faq-question>
+ How can I help with security?
+</faq-question>
<p>A: Please review each problem before reporting it to
security@debian.org. If you are able to provide patches, that
would speed up the process. Do not simply forward bugtraq mails,
because we already receive them — but do provide us with
additional information about things reported on bugtraq.</p>
-<p><em>Q: What is the scope of proposed-updates?</em>
+<faq-question>
+ What is the scope of proposed-updates?
+</faq-question>
<p>A: This directory contains packages which are proposed to enter the
next revision of Debian stable. Whenever packages are uploaded by
a maintainer for the stable distribution, they end up in the
@@ -105,7 +142,9 @@
-<p><em>Q: How is the security team composed?</em>
+<faq-question>
+ How is the security team composed?
+</faq-question>
<p>A: The Debian security team currently consists of five officers and
two secretaries. The security team itself appoints people to join
the team.
Reply to: