Sebastien Delafond pushed to branch master at Debian Security Tracker / security-tracker
Commits: c42bd409 by Sébastien Delafond at 2021-02-26T15:53:07+01:00 doc/triage: minor spelling/typo/punctuation changes - - - - - 1 changed file: - doc/security-team.d.o/triage Changes: ===================================== doc/security-team.d.o/triage ===================================== @@ -10,8 +10,8 @@ Security updates affecting a released Debian suite can fall under three types: - Some issues are simply not worth fixing in a stable release (for multiple reasons, e.g. because they are mostly a PR hype, or because they are mitigated in Debian via a different config or toolchain hardening).. -Every incoming security issues gets triaged. Security issues which are being flagged for the second category are being displayed in the -Debian Package Tracker (tracker.debian.org), in fact you might have been redirected from the PTS to his page. +Every incoming security issue gets triaged. Security issues which are being flagged for the second category are being displayed in the +Debian Package Tracker (tracker.debian.org), in fact you might have been redirected from the PTS to this page. For every CVE listed there, there are three possible options: @@ -20,14 +20,14 @@ https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#special-cas If you CC [email protected] for the release.debian.org bug, the fixed version will get recorded in the Debian Securiy Tracker. - Some packages have a steady flow of security issues and there's also the option to postpone an update to a later time, in other words -to get piggybacked to a future DSA for a more severe security issue or held back until a few more low severity issues are known. In the +to get piggybacked onto a future DSA dedicated to a more severe security issue, or held back until a few more low severity issues are known. In the Security Tracker these are tracked with the <postponed> state, often this means that a fix has been commited to e.g. a buster branch -in salsa, but no upload has been made yet. You can either send a mail to [email protected] and we'll update the state or +in salsa, but no upload has been made yet. You can either send a mail to [email protected] and we'll update the state, or you can also make the change yourself if you're familiar with the Security Tracker. -- Some packages should rather not be fixed at all, e.g. because the possible benefit does not outweigh the risk/costs of an update -or because an update is not possible (e.g. as it would introduce behavioural not appropriate for a stable release). In the +- Some packages should rather not be fixed at all, e.g. because the possible benefit does not outweigh the risk/costs of an update, +or because an update is not possible (e.g. as it would introduce behavioural changes not appropriate for a stable release). In the Security Tracker these are tracked with the <ignored> state. You can either send a mail to [email protected] and we'll update -the state or you can also make the change yourself if you're familiar with the Security Tracker. +the state, or you can also make the change yourself if you're familiar with the Security Tracker. Any of the three actions above will make the CVE ID disappear from the "low severity" entry in the Security Tracker. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c42bd409f89a0b33b57f3e28c9af722384c85ee0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c42bd409f89a0b33b57f3e28c9af722384c85ee0 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
