cvs commit: www/en/releases/5.4R errata.html

[Bruce A. Mah]

If memory serves me right, Simon L. Nielsen wrote:
> On 2005.05.27 05:15:50 +1000, Peter Jeremy wrote:

> > >...and my apologies to anyone who was actually expecting the Web site to
> > >have the up-to-date 5.4-RELEASE errata.  My release documentation skills
> > >are still a bit rusty, it seems.  :-p
> > 
> > Do we need a "things to do for a security advisory or errata update"
> > document similar to the "things to do during a release" document?
> 
> Yes, and actually such a document exists (or at least a draft for
> one)...
> 
> The current problem, which I was/is planning to take up with the
> appropriate people, is that the wording style used in the errata
> document is different from the wording style used in the Security
> Advisories, so it's not just a simple cut'n'paste.
> 
> I haven't really gotten around to looking into what would be a good
> solution, but I'm very open to ideas.

I agree with your assessment of the problem.  Basically, the advisory
contains a lot more details than can be expressed in a simple sentence
or two.  (This is why there is always a hyperlink in the errata or
release note entry to the advisory itself, which is the definitive
description of the vulnerability/bug/whatever.)

Basically this meant understanding the advisory well enough to write a
one-sentence summary of it.  I usually got it right, although there was
once when it took many iterations between security-team@ and me before
the correct text finally made it into the errata.  I'm not sure if there
are any shortcuts other than someone (whether on security-team@, re@, or
other) just sitting down and writing some suitable text.

Bruce.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://lists.freebsd.org/pipermail/cvs-all/attachments/20050527/fae9dda2/attachment-0001.bin