diff options
author | Silvan Mosberger <silvan.mosberger@tweag.io> | 2023-07-25 18:34:15 +0200 |
---|---|---|
committer | Silvan Mosberger <silvan.mosberger@tweag.io> | 2023-08-13 22:04:56 +0200 |
commit | 129da60f578723edc9ca6405ca7f53b31afd1875 (patch) | |
tree | 5eec8ba21fac64b6c551230cf068a3b858c4b92a /doc/contributing | |
parent | 86f14e461ef18bf5c0dbc63f46fdc5d13d183628 (diff) |
doc/vulnerability-roundup: Rough move to new contribution doc files
No content was changed, new titles are wrapped with () to signal that they will need to be decided on in a future commit. Section in the manual have been preserved with a simple redirect to GitHub, the proper anchors should be filled out in a future commit once the new section names are decided.
Diffstat (limited to 'doc/contributing')
-rw-r--r-- | doc/contributing/vulnerability-roundup.chapter.md | 42 |
1 files changed, 4 insertions, 38 deletions
diff --git a/doc/contributing/vulnerability-roundup.chapter.md b/doc/contributing/vulnerability-roundup.chapter.md index d451420f9815a..0880fecea9828 100644 --- a/doc/contributing/vulnerability-roundup.chapter.md +++ b/doc/contributing/vulnerability-roundup.chapter.md @@ -1,45 +1,11 @@ # Vulnerability Roundup {#chap-vulnerability-roundup} -## Issues {#vulnerability-roundup-issues} - -Vulnerable packages in Nixpkgs are managed using issues. -Currently opened ones can be found using the following: - -[github.com/NixOS/nixpkgs/issues?q=is:issue+is:open+"Vulnerability+roundup"](https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+%22Vulnerability+roundup%22) - -Each issue correspond to a vulnerable version of a package; As a consequence: - -- One issue can contain several CVEs; -- One CVE can be shared across several issues; -- A single package can be concerned by several issues. - - -A "Vulnerability roundup" issue usually respects the following format: +This section has been moved to [pkgs/README.md](https://github.com/NixOS/nixpkgs/blob/master/pkgs/README.md). -```txt -<link to relevant package search on search.nix.gsc.io>, <link to relevant files in Nixpkgs on GitHub> - -<list of related CVEs, their CVSS score, and the impacted NixOS version> - -<list of the scanned Nixpkgs versions> - -<list of relevant contributors> -``` - -Note that there can be an extra comment containing links to previously reported (and still open) issues for the same package. +## Issues {#vulnerability-roundup-issues} +This section has been moved to [pkgs/README.md](https://github.com/NixOS/nixpkgs/blob/master/pkgs/README.md). ## Triaging and Fixing {#vulnerability-roundup-triaging-and-fixing} -**Note**: An issue can be a "false positive" (i.e. automatically opened, but without the package it refers to being actually vulnerable). -If you find such a "false positive", comment on the issue an explanation of why it falls into this category, linking as much information as the necessary to help maintainers double check. - -If you are investigating a "true positive": - -- Find the earliest patched version or a code patch in the CVE details; -- Is the issue already patched (version up-to-date or patch applied manually) in Nixpkgs's `master` branch? - - **No**: - - [Submit a security fix](#submitting-changes-submitting-security-fixes); - - Once the fix is merged into `master`, [submit the change to the vulnerable release branch(es)](https://nixos.org/manual/nixpkgs/stable/#submitting-changes-stable-release-branches); - - **Yes**: [Backport the change to the vulnerable release branch(es)](https://nixos.org/manual/nixpkgs/stable/#submitting-changes-stable-release-branches). -- When the patch has made it into all the relevant branches (`master`, and the vulnerable releases), close the relevant issue(s). +This section has been moved to [pkgs/README.md](https://github.com/NixOS/nixpkgs/blob/master/pkgs/README.md). |