# Steps to release a DSA
To release
Preparing fixed packages
Doable by any DD
Testing fixed packages
Doable by any DD
......@@ -159,7 +159,7 @@ set up an [unstable chroot](
### Packages in the archive
If the vulnerability refers to a package in the Debian archive, look
If the vulnerability refers to a package in the Debian archive (except for experimental, [see later](#packages-in-experimental-only)), look
to see if the package is affected or not (sometimes newer versions that
have the fixes have already been uploaded).
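Review bot: The added parenthetical in the first sentence, "(except for experimental, [see later](#packages-in-experimental-only))", reads as excluding every package that is present in experimental, while the new section says a package in both unstable and experimental is still handled through unstable. Suggest narrowing it to "(for packages that exist only in experimental, see [Packages in Experimental only](#packages-in-experimental-only))", which also gives the link descriptive text instead of "see later".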
......@@ -250,6 +250,22 @@ add notes if you do change an undetermined issue to unfixed (unless
you're also fixing the issue in the process, which is of course the
ideal way to help/contribute).
### Packages in Experimental only
There are some packages that only exists in experimental. In that
case, place the distribution tag `experimental`. For example:
CVE-2013-1067 (Apport 2.12.5 and earlier uses weak permissions for core dump files ...)
[experimental] - apport 2.12.6-1 (bug #727661)
If the package is in unstable *and* in experimental, focus on unstable (we are
not tracking fixes in experimental). A note about the situation in experimental
is appreciate. For example:
CVE-2014-8564 (The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS ...)
- gnutls28 <unfixed> (bug #769154)
NOTE: in experimental fixed in 3.3.10-1
### Issues in ITP and/or RFP packages
If an issue is discovered in a package that has an RFP or ITP already filed,
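Review bot: Two grammar slips in the added "Packages in Experimental only" section: "packages that only exists in experimental" should be "exist", and "A note about the situation in experimental is appreciate" should be "is appreciated". The parenthetical "(we are not tracking fixes in experimental)" also sits awkwardly next to the first example, which records a fixed version under `[experimental]`; wording such as "we do not track experimental fixes for packages that are also in unstable" would remove the apparent contradiction. The heading capitalises "Experimental" while the body text and the distribution tag use lowercase "experimental", so one form should be used throughout.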
