Date: Sat, 28 May 2005 10:29:10 +0200 From: "Simon L. Nielsen" <simon@FreeBSD.org> To: "Bruce A. Mah" <bmah@freebsd.org> Cc: Peter Jeremy <PeterJeremy@optushome.com.au>, doc-committers@freebsd.org, cvs-doc@freebsd.org, cvs-all@freebsd.org, Hiroki Sato <hrs@FreeBSD.org> Subject: Re: cvs commit: www/en/releases/5.4R errata.html Message-ID: <20050528082910.GH787@zaphod.nitro.dk> In-Reply-To: <1117258487.764.14.camel@localhost> References: <200505261456.j4QEuh7s088699@repoman.freebsd.org> <1117119937.34783.14.camel@tomcat.kitchenlab.org> <20050526191549.GB17267@cirb503493.alcatel.com.au> <20050526193032.GE794@zaphod.nitro.dk> <1117258487.764.14.camel@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
--bAmEntskrkuBymla Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable [I just added hrs@ to CC, since this is also his area] On 2005.05.27 22:34:47 -0700, Bruce A. Mah wrote: > If memory serves me right, Simon L. Nielsen wrote: > > On 2005.05.27 05:15:50 +1000, Peter Jeremy wrote: >=20 > > > >...and my apologies to anyone who was actually expecting the Web sit= e to > > > >have the up-to-date 5.4-RELEASE errata. My release documentation sk= ills > > > >are still a bit rusty, it seems. :-p > > >=20 > > > Do we need a "things to do for a security advisory or errata update" > > > document similar to the "things to do during a release" document? > >=20 > > Yes, and actually such a document exists (or at least a draft for > > one)... > >=20 > > The current problem, which I was/is planning to take up with the > > appropriate people, is that the wording style used in the errata > > document is different from the wording style used in the Security > > Advisories, so it's not just a simple cut'n'paste. > >=20 > > I haven't really gotten around to looking into what would be a good > > solution, but I'm very open to ideas. >=20 > I agree with your assessment of the problem. Basically, the advisory > contains a lot more details than can be expressed in a simple sentence > or two. (This is why there is always a hyperlink in the errata or > release note entry to the advisory itself, which is the definitive > description of the vulnerability/bug/whatever.) Well, basically I see three ways to go: 1. Status-quo, which means that errata will likely be more or less out-of-date (hopefully less). 2. Just link to the advisory and have no description, or a very brief one of where there problem lies, so it can be written in a very short time and is therefor more likely to be written by a security-team@ memeber during the advisory release cycle. 3. Simply copy/paste the relevant part of the security advisory (probably the "Problem Description" and "Impact" sections) and use that. I would probably prefer 2, with an appropriate header in the section basically telling people to read the advisories. > Basically this meant understanding the advisory well enough to write a > one-sentence summary of it. I usually got it right, although there was > once when it took many iterations between security-team@ and me before > the correct text finally made it into the errata. I'm not sure if there > are any shortcuts other than someone (whether on security-team@, re@, or > other) just sitting down and writing some suitable text. For most advisories I currently know the issue well enough to describe it, but the problem is that it takes me forever to do rephrasing into something which fits the errata wording style, and is at least somewhat grammatically correct :-/. The same issue goes for the Release Notes btw. --=20 Simon L. Nielsen --bAmEntskrkuBymla Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQFCmCvVh9pcDSc1mlERAq9CAKCYd5ozLZO2+cRN8hfo9AvbhFA/fQCfW4hO B7DZaQCME7x0PGJKq7CP5BI= =+0dg -----END PGP SIGNATURE----- --bAmEntskrkuBymla--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050528082910.GH787>