Contents of /TODO

* Set up for DTSAs

  - Auto moderation of developer signed mails to -announce.

  - sndadvisory should remove TODO lines from the list file since the
    advisory is complete

  - merge sndadvisory into dtsa script?

  - web DTSA pages should be built on the fly using the metadata in DTSA/
    so we don't have to update things in two places when making a change,
    and so releasing a DTSA does not involve copying html files around

  - The dtsa script should have support for updating the list file
    when running it on an advisory that it's already been run on before.
    This would facilitate issuing asvisories, which often takes a few runs
    before the final one is sent. Alternatively, get rid of the DTSA/list
    file (do we need it for anything really?)

* Merge stuff into security.debian.org. Long term, but we need to keep in
  mind that the current archive setup is just to get bootstrapped.

* Web overview
  - checklist setup for unstable needs to be fixed to ignore Hurd

* Florian's overview should be moved to secure-testing.debian.net, but
  Florian wants to resolve some issues before.

* Write the script that digs through the security bugs

* Write the script that handles the transfer between secure-testing and testing
  wrt incomplete archs (aba)

* Improve the developer's reference wrt security bugs (micah)

* Document that finalized syntax

* Review open security bugs and tag the wrt versioned bug tracking

* Create a repo of security patches

* Add user tags to security bugs to add a CVE number and a "tracked" for each analyzed
  security bug. 

* Retroactive updating of the list for not-affected and others

* Document all our stuff and work

* Implement the HELP tag and add it to some outstanding issues

* Link source package specific overview into the PTS


1	* Set up for DTSAs
2
3	- Auto moderation of developer signed mails to -announce.
4
5	- sndadvisory should remove TODO lines from the list file since the
6	advisory is complete
7
8	- merge sndadvisory into dtsa script?
9
10	- web DTSA pages should be built on the fly using the metadata in DTSA/
11	so we don't have to update things in two places when making a change,
12	and so releasing a DTSA does not involve copying html files around
13
14	- The dtsa script should have support for updating the list file
15	when running it on an advisory that it's already been run on before.
16	This would facilitate issuing asvisories, which often takes a few runs
17	before the final one is sent. Alternatively, get rid of the DTSA/list
18	file (do we need it for anything really?)
19
20	* Merge stuff into security.debian.org. Long term, but we need to keep in
21	mind that the current archive setup is just to get bootstrapped.
22
23	* Web overview
24	- checklist setup for unstable needs to be fixed to ignore Hurd
25
26	* Florian's overview should be moved to secure-testing.debian.net, but
27	Florian wants to resolve some issues before.
28
29	* Write the script that digs through the security bugs
30
31	* Write the script that handles the transfer between secure-testing and testing
32	wrt incomplete archs (aba)
33
34	* Improve the developer's reference wrt security bugs (micah)
35
36	* Document that finalized syntax
37
38	* Review open security bugs and tag the wrt versioned bug tracking
39
40	* Create a repo of security patches
41
42	* Add user tags to security bugs to add a CVE number and a "tracked" for each analyzed
43	security bug.
44
45	* Retroactive updating of the list for not-affected and others
46
47	* Document all our stuff and work
48
49	* Implement the HELP tag and add it to some outstanding issues
50
51	* Link source package specific overview into the PTS
52
53