Commit a2d202db authored by Salvatore Bonaccorso's avatar Salvatore Bonaccorso

Cleanup documentation after move from Alioth to Salsa

Reference the git repository and remove the sections referring to
git-svn.

Replace mentioning of the KGB bot with the salsabot.
Signed-off-by: Salvatore Bonaccorso's avatarSalvatore Bonaccorso <carnil@debian.org>

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@59019 e39458fd-73e7-0310-bf30-c45bca0a0e42
parent 052c6605
......@@ -9,12 +9,12 @@ Everything in the [Debian Security Tracker](https://security-tracker.debian.org/
"[Debian doesn't hide problems](https://www.debian.org/social_contract)" available.
The best thing about our tracking *system* is that it is very basic.
There is no overhead of web-based ticket/issue trackers, it's
just a Subversion (SVN) repository and some text files that we
collaboratively edit and then some scripts to parse these files and
generate useful reports available online. Everything is designed to be
very simple to use, transparent and easy to see what other people are
working on so you can work on other things.
There is no overhead of web-based ticket/issue trackers, it's just a Git
repository and some text files that we collaboratively edit and then
some scripts to parse these files and generate useful reports available
online. Everything is designed to be very simple to use, transparent and
easy to see what other people are working on so you can work on other
things.
Gentle Introduction
-------------------
......@@ -23,49 +23,22 @@ The following will give you a basic walkthrough of how the files are
structured, and how we do our work while tracking issues.
The best way to understand is to check out our repository from
Subversion so you have the files on your computer and can follow along
Git so you have the files on your computer and can follow along
at home. To do this you just need to do the following:
svn co svn+ssh://<alioth user name>@svn.debian.org/svn/secure-testing
git clone --recursive git@salsa.debian.org:security-tracker-team/security-tracker.git
This will check out the working repository (given that you already have
an [Alioth account](https://alioth.debian.org/account/register.php) and [public key authentication already set up](https://wiki.debian.org/Alioth/SSH). After successful downloading,
you will have a new directory called `secure-testing`. Inside this directory
are a number of subdirectories. The `data` directory is where we do most of
our work.
Note that the name of the Subversion repository is historical;
the tracker is not specially related to testing-security, but for Debian
security at large.
If you don't have an Alioth account, [you can create one](https://alioth.debian.org/account/register.php). You can then join [the team](https://alioth.debian.org/projects/secure-testing) by clicking the [*Request to join* link](https://alioth.debian.org/project/request.php?group_id=30437).
an [Salsa
account](https://wiki.debian.org/Salsa/Doc#Users:_Login_and_Registration).
After successful downloading, you will have a new directory called
`security-tracker`. Inside this directory are a number of
subdirectories. The `data` directory is where we do most of our work.
If you don't need write access, you can of course check out our files
without an Alioth account as well:
svn co svn://anonscm.debian.org/svn/secure-testing
If you are a Git fan, you can also use git-svn. Once you have the
git-svn package installed, you can clone the Subversion repository into
your own local Git repository with:
git svn clone svn+ssh://<alioth user name>@svn.debian.org/svn/secure-testing
Note that this will take a very long time (expect over two hours) since
every commit from the very beginning (over 12,000 at this point) is
checked out individually and merged into your Git repository.
### Subversion and git-svn Crash Course
The following table lists the most common/useful commands for working
with the secure-testing repository:
without a Salsa account as well:
subversion | git-svn | action
-----------------|-------------------|------------------------------
`svn update` | `git svn rebase` | sync your local repo from remote secure-testing repo
`svn commit` | `git svn dcommit` | commit your changes to the remote secure-testing repo (note that `git commit -a` only updates your local repo)
`svn diff` | `git diff` | compare your local repo to remote secure-testing repo
git clone --recursive https://salsa.debian.org/security-tracker-team/security-tracker.git
The CVE list (`CVE/list`)
-------------------------
......@@ -77,11 +50,12 @@ from [MITRE](glossary.html#mitre), automatically checks that in into `data/CVE/l
also syncs that file with other lists like `data/DSA/list` and
`data/DTSA/list`.
These automatic commits as well as all Subversion commits are notified via either the [secure-testing-commits mailing list](https://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits),
or via the [KGB IRC bot](https://packages.debian.org/sid/kgb-bot) in the #debian-security channel on the [OFTC IRC network](http://www.oftc.net/). For example, the bot
These automatic commits as well as all git commits are notified via either the [secure-testing-commits mailing list](https://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits),
or via the Irker IRC bot in the #debian-security channel on the [OFTC IRC network](http://www.oftc.net/). For example, the bot
could say in the channel:
17:14 < KGB-0> sectracker r21191 data/CVE/list * automatic update
17:14 <salsabot> [security-tracker] sectracker role account pushed pushed 1 new commit to master: https://salsa.debian.org/security-tracker-team/security-tracker/compare/37b0fb27...2bf425d5
17:14 <salsabot> security-tracker/master 37b0fb27 sectracker role account (1 file): automatic update
Most of our work consists of taking new issues that MITRE releases and
processing them so that the tracking data is correct. Read on for an
......@@ -90,7 +64,7 @@ explanation of how we do this.
### Processing `TODO` entries
The MITRE update typically manifests in new CVE entries. So what we do
is update our Subversion repository and then edit `data/CVE/list` and look
is update our Git repository and then edit `data/CVE/list` and look
for new `TODO` entries. These will often be in blocks of 10-50 or so,
depending on how many new issues have been assigned by MITRE.
......@@ -573,7 +547,7 @@ debian-security-tracker@lists.debian.org mailing list.
Commits are checked for syntax errors before they are actually committed,
and you'll receive an error and your commit is aborted if it is in error.
To check your changes yourself beforehand, use `make check-syntax` from
the root of the SVN directory.
the root of the Git directory.
Following up on security issues
-------------------------------
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment