svn commit: r52958 - in head: en_US.ISO8859-1/htdocs en_US.ISO8859-1/htdocs/security share/xml

Remko Lodder remko at FreeBSD.org
Fri Apr 26 19:16:48 UTC 2019


Author: remko
Date: Fri Apr 26 19:16:46 2019
New Revision: 52958
URL: https://svnweb.freebsd.org/changeset/doc/52958

Log:
  Remove myself as so-deputy. It had been a journey. Thanks all!

Modified:
  head/en_US.ISO8859-1/htdocs/administration.xml
  head/en_US.ISO8859-1/htdocs/security/reporting.xml
  head/en_US.ISO8859-1/htdocs/security/security.xml
  head/share/xml/authors.ent

Modified: head/en_US.ISO8859-1/htdocs/administration.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/administration.xml	Wed Apr 24 18:33:03 2019	(r52957)
+++ head/en_US.ISO8859-1/htdocs/administration.xml	Fri Apr 26 19:16:46 2019	(r52958)
@@ -167,7 +167,6 @@
     <li>&a.joneum.email;</li>
     <li>&a.feld.email;</li>
     <li>&a.miwi.email;</li>
-    <li>&a.remko.email;</li>
     <li>&a.zi.email;</li>
     <li>&a.simon.email;</li>
     <li>&a.sbz.email;</li>
@@ -197,7 +196,6 @@
     <li>&a.blackend.email;</li>
     <li>&a.rgrimes.email;</li>
     <li>&a.delphij.email;</li>
-    <li>&a.remko.email; (Security Team Liaison)</li>
     <li>&a.hrs.email;</li>
     <li>&a.glebius.email;</li>
     <li>&a.marius.email; (Deputy Lead)</li>
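
Review bot: The entry removed in this hunk is the only one in the visible part of this list marked "(Security Team Liaison)", and no other entry picks up that role. If the liaison position still exists, the successor should be marked in the same change so the page does not show the team without one.
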
@@ -278,7 +276,6 @@
     <li>&a.des.email; (Officer Emeritus)</li>
     <li>&a.gjb.email; (Cluster Administrators Team Liaison)</li>
     <li>&a.emaste.email; (Officer Deputy)</li>
-    <li>&a.remko.email; (Officer Deputy)</li>
     <li>&a.brooks.email; (Core Team Liaison)</li>
   </ul>
 

Modified: head/en_US.ISO8859-1/htdocs/security/reporting.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/security/reporting.xml	Wed Apr 24 18:33:03 2019	(r52957)
+++ head/en_US.ISO8859-1/htdocs/security/reporting.xml	Fri Apr 26 19:16:46 2019	(r52958)
@@ -89,10 +89,6 @@
 	  <td>Deputy Security Officer</td>
 	</tr>
 	<tr valign="top">
-	  <td>&a.remko.email;</td>
-	  <td>Deputy Security Officer</td>
-	</tr>
-	<tr valign="top">
 	  <td>&a.delphij.email;</td>
 	  <td>Security Officer Emeritus</td>
 	</tr>

Modified: head/en_US.ISO8859-1/htdocs/security/security.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/security/security.xml	Wed Apr 24 18:33:03 2019	(r52957)
+++ head/en_US.ISO8859-1/htdocs/security/security.xml	Fri Apr 26 19:16:46 2019	(r52958)
@@ -52,6 +52,44 @@
       href="reporting.html">reporting FreeBSD security incidents</a>
     page.</p>
 
+  <a name="when-reporting"></a>
+  <h2>When is a Security Advisory considered?</h2>
+
+  <p>For every issue that gets reported, an internal tracking number is
+    created, unless something is very obviously not a security issue.
+    To determine whether or not a Security Advisory is warranted we use
+    the following scheme:</p>
+
+  <ul>
+    <li>Is it a privilege escalation vulnerability?</li>
+    <li>Is it a code injection vulnerability?</li>
+    <li>Is it a memory disclosure or dataleak vulnerability?
+      <ul>
+	<li>From either the kernel</li>
+	<li>From a privileged process</li>
+	<li>From a process owned by another user?</li>
+      </ul>
+    </li>
+    <li>Is it a Denial of Service vulnerability?
+      <ul>
+	<li>Only when remotely exploitable, where remotely means that it
+	  comes from a different broadcast domain, so ARP and/or NDP based
+	  attacks do not qualify.</li>
+      </ul>
+    </li>
+    <li>Is it an unassisted jailbreak vulnerability?</li>
+    <li>Is it a malfunction that could lead to generating insecure crypto keys,
+      such as a PRNG bug?</li>
+  </ul>
+
+  <p>For items that fall under these categories, a Security Advisory is very likely.
+    Items that are not on this list are looked into individually and it will be determined
+    then whether or not it will receive a Security Advisory or an Errata Notice.</p>
+
+  <p>Once it had been determined that a Security Advisory is warranted, either the
+    submitter delivers a CVE number if he/she already requested one, or we use one
+    from the FreeBSD pool available.</p>
+
   <a name="recent"></a>
   <h2>Recent FreeBSD security vulnerabilities</h2>
 
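
Review bot: The added "When is a Security Advisory considered?" section is a policy addition that the log message ("Remove myself as so-deputy") does not mention; it would be easier to find in history as its own commit, or at least named in the log. In the added text itself: the memory disclosure sub-list starts "From either the kernel" but has three items and only the last one carries a question mark, "dataleak" should be "data leak", and "Once it had been determined" should read "Once it has been determined". The long lines in the two closing paragraphs also break the wrapping used in the first paragraph of the section.
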

Modified: head/share/xml/authors.ent
==============================================================================
--- head/share/xml/authors.ent	Wed Apr 24 18:33:03 2019	(r52957)
+++ head/share/xml/authors.ent	Fri Apr 26 19:16:46 2019	(r52958)
@@ -2662,7 +2662,7 @@
 <!ENTITY a.so '&a.gordon;'>
 <!ENTITY a.so.email '&a.gordon.email;'>
 
-<!ENTITY a.so-team '&a.delphij;, &a.des;, &a.gavin;, &a.gjb;, &a.glebius;, &a.remko;'>
+<!ENTITY a.so-team '&a.delphij;, &a.des;, &a.emaste; &a.gavin;, &a.gjb;'>
 
 <!-- FreeBSD cluster entities -->
 <!ENTITY a.keymaster "Self-Serve SSH key changer">
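
Review bot: The new a.so-team value is missing a comma between &a.emaste; and &a.gavin;, so the two names will run together when the entity is expanded; it should read "&a.emaste;, &a.gavin;". The same line also drops &a.glebius; and adds &a.emaste;, neither of which the log message covers, so please confirm both are intended and mention them in the log.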

