For pre-releases, use status 2 when supserseded.

author Otto <otto.moerbeek@open-xchange.com>

Fri, 3 Dec 2021 08:18:41 +0000 (09:18 +0100)

committer Otto <otto.moerbeek@open-xchange.com>

Fri, 3 Dec 2021 10:25:40 +0000 (11:25 +0100)
author Otto <otto.moerbeek@open-xchange.com>
Fri, 3 Dec 2021 08:18:41 +0000 (09:18 +0100)
committer Otto <otto.moerbeek@open-xchange.com>
Fri, 3 Dec 2021 10:25:40 +0000 (11:25 +0100)
diff --git a/docs/common/secpoll.rst b/docs/common/secpoll.rst

index 5ee7ac1e184e855f227de2ee010a98223efe56af..051b7ffa3edcf7ffd550472330af9f103f63dcd8 100644 (file)
--- a/docs/common/secpoll.rst
+++ b/docs/common/secpoll.rst
@@ -38,6 +38,7 @@ The data returned is in one of the following forms:
  -  "3 Upgrade mandatory for security reasons, see ..." -> 3
  
  In cases 2 or 3, periodic logging commences.
+Case 2 can also be issued for non-security related upgrade recommendations for pre-releases.
  The metric security-status is set to 2 or 3 respectively.
  If at a later date, resolution fails, the security-status is not reset to 1.
  It could be lowered however if we discover the security status is less urgent than we thought.
diff --git a/docs/secpoll.zone b/docs/secpoll.zone

index d5d5e27e443797a88b5749c7402da8ced2bee50c..6379723abf7c277802e59b6b33a75bc7e43d5224 100644 (file)
--- a/docs/secpoll.zone
+++ b/docs/secpoll.zone
@@ -1,7 +1,19 @@
-@       86400   IN  SOA pdns-public-ns1.powerdns.com. pieter\.lexis.powerdns.com. 2021120301 10800 3600 604800 10800
+@       86400   IN  SOA pdns-public-ns1.powerdns.com. pieter\.lexis.powerdns.com. 2021120304 10800 3600 604800 10800
  @       3600    IN  NS  pdns-public-ns1.powerdns.com.
  @       3600    IN  NS  pdns-public-ns2.powerdns.com.
  
+; Policy to mark releases
+; =======================
+; Status 1: OK
+; Status 2: Upgrade recommended for security or other reasons
+; Status 3: Upgrade mandatory for security reasons
+
+; Pre-releases (alpha, beta, rc) get initial status: "1 Unsupported pre-release"
+; Superseded pre-releases get "2 Superseded pre-release", or "3 ..." if a security issue was found.
+
+; Official releases get status 2 or 3 on security issues or on end-of-life of the version only.
+;
+
  ; Auth
  auth-3.3.2.security-status                              60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/3/security/powerdns-advisory-2015-01/"
  auth-3.3.3.security-status                              60 IN TXT "3 Patch now, see https://doc.powerdns.com/3/security/powerdns-advisory-2016-02/ https://doc.powerdns.com/3/security/powerdns-advisory-2016-03/ https://doc.powerdns.com/3/security/powerdns-advisory-2016-04/ https://doc.powerdns.com/3/security/powerdns-advisory-2016-05/"
@@ -224,7 +236,7 @@ recursor-4.1.14.security-status                         60 IN TXT "3 Upgrade now
  recursor-4.1.15.security-status                         60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-02.html https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-03.html"
  recursor-4.1.16.security-status                         60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-04.html"
  recursor-4.1.17.security-status                         60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html"
-recursor-4.1.18.security-status                         60 IN TXT "1 OK"
+recursor-4.1.18.security-status                         60 IN TXT "2 Unsupported release (EOL)"
  
  recursor-4.2.0-alpha1.security-status                   60 IN TXT "3 Unsupported pre-release (known vulnerabilities)"
  recursor-4.2.0-beta1.security-status                    60 IN TXT "3 Unsupported pre-release (known vulnerabilities)"
@@ -235,7 +247,7 @@ recursor-4.2.1.security-status                          60 IN TXT "3 Upgrade now
  recursor-4.2.2.security-status                          60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-04.html"
  recursor-4.2.3.security-status                          60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html"
  recursor-4.2.4.security-status                          60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html"
-recursor-4.2.5.security-status                          60 IN TXT "1 OK"
+recursor-4.2.5.security-status                          60 IN TXT "2 Unsupported release (EOL)"
  
  recursor-4.3.0-alpha1.security-status                   60 IN TXT "3 Unsupported pre-release (known vulnerabilities)"
  recursor-4.3.0-alpha2.security-status                   60 IN TXT "3 Unsupported pre-release (known vulnerabilities)"
@@ -279,10 +291,10 @@ recursor-4.5.4.security-status                          60 IN TXT "1 OK"
  recursor-4.5.5.security-status                          60 IN TXT "1 OK"
  recursor-4.5.6.security-status                          60 IN TXT "1 OK"
  recursor-4.5.7.security-status                          60 IN TXT "1 OK"
-recursor-4.6.0-alpha1.security-status                   60 IN TXT "1 Unsupported pre-release"
-recursor-4.6.0-alpha2.security-status                   60 IN TXT "1 Unsupported pre-release"
-recursor-4.6.0-beta1.security-status                    60 IN TXT "1 Unsupported pre-release"
-recursor-4.6.0-beta2.security-status                    60 IN TXT "1 Unsupported pre-release"
+recursor-4.6.0-alpha1.security-status                   60 IN TXT "2 Unsupported pre-release"
+recursor-4.6.0-alpha2.security-status                   60 IN TXT "2 Unsupported pre-release"
+recursor-4.6.0-beta1.security-status                    60 IN TXT "2 Unsupported pre-release"
+recursor-4.6.0-beta2.security-status                    60 IN TXT "2 Unsupported pre-release"
  recursor-4.6.0-rc1.security-status                      60 IN TXT "1 Unsupported pre-release"
  
  ; Recursor Debian
@@ -426,7 +438,7 @@ dnsdist-1.6.0-rc1.security-status                          60 IN TXT "3 Unsuppor
  dnsdist-1.6.0-rc2.security-status                          60 IN TXT "3 Unsupported pre-release"
  dnsdist-1.6.0.security-status                              60 IN TXT "1 OK"
  dnsdist-1.6.1.security-status                              60 IN TXT "1 OK"
-dnsdist-1.7.0-alpha1.security-status                       60 IN TXT "1 Unsupported pre-release"
-dnsdist-1.7.0-alpha2.security-status                       60 IN TXT "1 Unsupported pre-release"
-dnsdist-1.7.0-beta1.security-status                        60 IN TXT "1 Unsupported pre-release"
+dnsdist-1.7.0-alpha1.security-status                       60 IN TXT "2 Unsupported pre-release"
+dnsdist-1.7.0-alpha2.security-status                       60 IN TXT "2 Unsupported pre-release"
+dnsdist-1.7.0-beta1.security-status                        60 IN TXT "2 Unsupported pre-release"
  dnsdist-1.7.0-beta2.security-status                        60 IN TXT "1 Unsupported pre-release"
author	Otto <otto.moerbeek@open-xchange.com>
	Fri, 3 Dec 2021 08:18:41 +0000 (09:18 +0100)
committer	Otto <otto.moerbeek@open-xchange.com>
	Fri, 3 Dec 2021 10:25:40 +0000 (11:25 +0100)
docs/common/secpoll.rst		patch \| blob \| blame \| history
docs/secpoll.zone		patch \| blob \| blame \| history