From owner-cvs-all@FreeBSD.ORG Sat May 28 05:34:53 2005 Return-Path: X-Original-To: cvs-all@freebsd.org Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BE1CE16A41C; Sat, 28 May 2005 05:34:53 +0000 (GMT) (envelope-from bmah@freebsd.org) Received: from a.mail.sonic.net (a.mail.sonic.net [64.142.16.245]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8608A43D1D; Sat, 28 May 2005 05:34:53 +0000 (GMT) (envelope-from bmah@freebsd.org) Received: from [192.168.2.125] (hawkeye.kitchenlab.org [64.142.31.109]) (authenticated bits=0) by a.mail.sonic.net (8.13.3/8.13.3) with ESMTP id j4S5YnWS026581 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO); Fri, 27 May 2005 22:34:53 -0700 From: "Bruce A. Mah" To: "Simon L. Nielsen" In-Reply-To: <20050526193032.GE794@zaphod.nitro.dk> References: <200505261456.j4QEuh7s088699@repoman.freebsd.org> <1117119937.34783.14.camel@tomcat.kitchenlab.org> <20050526191549.GB17267@cirb503493.alcatel.com.au> <20050526193032.GE794@zaphod.nitro.dk> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-1f+wowyARkCU486ZEbmH" Date: Fri, 27 May 2005 22:34:47 -0700 Message-Id: <1117258487.764.14.camel@localhost> Mime-Version: 1.0 X-Mailer: Evolution 2.2.2 FreeBSD GNOME Team Port Cc: Peter Jeremy , doc-committers@freebsd.org, cvs-doc@freebsd.org, cvs-all@freebsd.org, bmah@freebsd.org Subject: Re: cvs commit: www/en/releases/5.4R errata.html X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 28 May 2005 05:34:54 -0000 --=-1f+wowyARkCU486ZEbmH Content-Type: text/plain Content-Transfer-Encoding: quoted-printable If memory serves me right, Simon L. Nielsen wrote: > On 2005.05.27 05:15:50 +1000, Peter Jeremy wrote: > > >...and my apologies to anyone who was actually expecting the Web site = to > > >have the up-to-date 5.4-RELEASE errata. My release documentation skil= ls > > >are still a bit rusty, it seems. :-p > >=20 > > Do we need a "things to do for a security advisory or errata update" > > document similar to the "things to do during a release" document? >=20 > Yes, and actually such a document exists (or at least a draft for > one)... >=20 > The current problem, which I was/is planning to take up with the > appropriate people, is that the wording style used in the errata > document is different from the wording style used in the Security > Advisories, so it's not just a simple cut'n'paste. >=20 > I haven't really gotten around to looking into what would be a good > solution, but I'm very open to ideas. I agree with your assessment of the problem. Basically, the advisory contains a lot more details than can be expressed in a simple sentence or two. (This is why there is always a hyperlink in the errata or release note entry to the advisory itself, which is the definitive description of the vulnerability/bug/whatever.) Basically this meant understanding the advisory well enough to write a one-sentence summary of it. I usually got it right, although there was once when it took many iterations between security-team@ and me before the correct text finally made it into the errata. I'm not sure if there are any shortcuts other than someone (whether on security-team@, re@, or other) just sitting down and writing some suitable text. Bruce. --=-1f+wowyARkCU486ZEbmH Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQBCmAL22MoxcVugUsMRAn7hAJ40ikDfMs94UK7tB7Z6yp8Qtf7h9wCg9NHb fXvL+1WsJE3LIEULeWkgVAs= =O4/T -----END PGP SIGNATURE----- --=-1f+wowyARkCU486ZEbmH--