Date: Fri, 27 May 2005 22:34:47 -0700 From: "Bruce A. Mah" <bmah@freebsd.org> To: "Simon L. Nielsen" <simon@freebsd.org> Cc: Peter Jeremy <PeterJeremy@optushome.com.au>, doc-committers@freebsd.org, cvs-doc@freebsd.org, cvs-all@freebsd.org, bmah@freebsd.org Subject: Re: cvs commit: www/en/releases/5.4R errata.html Message-ID: <1117258487.764.14.camel@localhost> In-Reply-To: <20050526193032.GE794@zaphod.nitro.dk> References: <200505261456.j4QEuh7s088699@repoman.freebsd.org> <1117119937.34783.14.camel@tomcat.kitchenlab.org> <20050526191549.GB17267@cirb503493.alcatel.com.au> <20050526193032.GE794@zaphod.nitro.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
--=-1f+wowyARkCU486ZEbmH Content-Type: text/plain Content-Transfer-Encoding: quoted-printable If memory serves me right, Simon L. Nielsen wrote: > On 2005.05.27 05:15:50 +1000, Peter Jeremy wrote: > > >...and my apologies to anyone who was actually expecting the Web site = to > > >have the up-to-date 5.4-RELEASE errata. My release documentation skil= ls > > >are still a bit rusty, it seems. :-p > >=20 > > Do we need a "things to do for a security advisory or errata update" > > document similar to the "things to do during a release" document? >=20 > Yes, and actually such a document exists (or at least a draft for > one)... >=20 > The current problem, which I was/is planning to take up with the > appropriate people, is that the wording style used in the errata > document is different from the wording style used in the Security > Advisories, so it's not just a simple cut'n'paste. >=20 > I haven't really gotten around to looking into what would be a good > solution, but I'm very open to ideas. I agree with your assessment of the problem. Basically, the advisory contains a lot more details than can be expressed in a simple sentence or two. (This is why there is always a hyperlink in the errata or release note entry to the advisory itself, which is the definitive description of the vulnerability/bug/whatever.) Basically this meant understanding the advisory well enough to write a one-sentence summary of it. I usually got it right, although there was once when it took many iterations between security-team@ and me before the correct text finally made it into the errata. I'm not sure if there are any shortcuts other than someone (whether on security-team@, re@, or other) just sitting down and writing some suitable text. Bruce. --=-1f+wowyARkCU486ZEbmH Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQBCmAL22MoxcVugUsMRAn7hAJ40ikDfMs94UK7tB7Z6yp8Qtf7h9wCg9NHb fXvL+1WsJE3LIEULeWkgVAs= =O4/T -----END PGP SIGNATURE----- --=-1f+wowyARkCU486ZEbmH--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1117258487.764.14.camel>