add CVE ids

git-svn-id: svn://anonscm.debian.org/ddp/manuals/trunk/developers-reference@3950 313b444b-1b9f-4f58-a734-7bb04f332e8d

diff --git a/debian/changelog b/debian/changelog
index db1977de15d950e28f51004016bc05209331649b..35972ef85854c8066866cdb34dabdb7c927d39b3 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -22,6 +22,7 @@ developers-reference (3.3.8) unstable; urgency=low
   * stop using capitals, minor fixes, language fixes.
     Thanks, Thijs Kinkhorst, Colin Tuckley, Russ Allbery.
     Closes: #368046, #378929, #361744
+  * add CVE Ids to your changelog. Closes: #376961
 
  -- Andreas Barth <aba@not.so.argh.org>  Sat, 11 Nov 2006 10:55:44 -0700
 

diff --git a/developers-reference.sgml b/developers-reference.sgml
index 470e45c49ca250878472b2325f90d71a59e1b9b0..ad2b982e347d2bf032e44a4d253793b8121141a8 100644 (file)
--- a/developers-reference.sgml
+++ b/developers-reference.sgml
@@ -7,7 +7,7 @@
   <!ENTITY % dynamicdata  SYSTEM "dynamic.ent" > %dynamicdata;
 
   <!-- CVS revision of this document -->
-  <!ENTITY cvs-rev "$Revision: 1.303 $">
+  <!ENTITY cvs-rev "$Revision: 1.304 $">
 
   <!-- if you are translating this document, please notate the CVS
        revision of the original developer's reference in cvs-en-rev -->
@@ -1641,6 +1641,15 @@ Please include a <tt>Closes: bug#<var>nnnnn</var></tt> entry in the
 changelog of the new package in order for the bug report to be
 automatically closed once the new package is installed in the archive
 (see <ref id="upload-bugfix">).
+        <p>
+When closing security bugs include CVE numbers as well as the 
+"Closes: #nnnnn".
+This is useful for the security team to track vulnerabilities.
+If an upload is made to fix the bug before the advisory ID is known,
+it is encouraged to modify the historical changelog entry with the next upload;
+please include even in that case all pointers you have to your first
+changelog entry.
+
        <p>
 There are a number of reasons why we ask maintainers to announce their
 intentions: