README for /security/

To: debian-www@lists.debian.org
Subject: README for /security/
From: Frank Lichtenheld <frank@lichtenheld.de>
Date: Wed, 26 Mar 2003 21:47:46 +0100
Message-id: <[🔎] 20030326204746.GC832@djpig.de>
Mail-followup-to: debian-www@lists.debian.org

I've written a README file for security, mostly for documenting
the new recommended handling of new revisions. I've added also
a part about the use of parse_advisory.pl for completeness.

Please read the text and send me your comments and suggestions.

Greetings,
	Frank

-- 
*** Frank Lichtenheld <frank@lichtenheld.de> ***
          *** http://www.djpig.de/ ***
see also: - http://www.usta.de/
          - http://fachschaft.physik.uni-karlsruhe.de/

/security/ -- Handling of Debian Security Advisories (DSA)
==========================================================

1. publishing a new advisory
-----------------------------

New advisories are stored by the security team in 
security.debian.org:/org/security.debian.org/advisories/DSA/
You must run ./parse_advisory.pl on this files in order
to create the corresponding dsa-XXX.wml and dsa-XXX.data files.

You can also use the text of the advisory as sent over 
debian-security-announce if you have no access to security.d.o
and no one of the security team has time to help you.

USAGE:
	./parse_advisory.pl [ -d ] <advisory_file>

the option -d enables the debug mode. This redirects the output
to standard output.

2. updating a advisory (new revision)
-------------------------------------

When a new revision of an advisory is released, you would normally
just edit the .wml and .data files to reflect the changes.
However, if some packages have been added to the advisory it can be 
helpful to run parse_advisory.pl in a separate directory and copy the
new URLs to the old advisory. 
You can specify the date of revisions in the report_date tag
as comma delimited list. 

If a new revision is released before the next report and within a 
short time after the preceding one (half a week or so), you 
probably want to replace the last date instead, because new revisions 
appear as separate entries in the list on security/index

The possibility to specify a comma separated list in a report_date
tag instead one date is new since 03/2003 and thus not used in
advisories released before that. If you want to update the old
advisories: Just do it! But this has no high priority.

Reply to:

Follow-Ups:
- Re: README for /security/
  - From: Andrew Shugg <andrew@neep.com.au>

Prev by Date: Bug#186335: www.debian.org: http://lists.debian.org/lsb.html Contains broken link to linuxbase.org page
Next by Date: Bug#156679: marked as done (www.debian.org: Recent security advisory list too short.)
Previous by thread: Bug#186335: marked as done (www.debian.org: http://lists.debian.org/lsb.html Contains broken link to linuxbase.org page)
Next by thread: Re: README for /security/
Index(es):
- Date
- Thread