Date: Fri, 26 Apr 2019 19:16:46 +0000 (UTC) From: Remko Lodder <remko@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r52958 - in head: en_US.ISO8859-1/htdocs en_US.ISO8859-1/htdocs/security share/xml Message-ID: <201904261916.x3QJGkwj071419@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: remko Date: Fri Apr 26 19:16:46 2019 New Revision: 52958 URL: https://svnweb.freebsd.org/changeset/doc/52958 Log: Remove myself as so-deputy. It had been a journey. Thanks all! Modified: head/en_US.ISO8859-1/htdocs/administration.xml head/en_US.ISO8859-1/htdocs/security/reporting.xml head/en_US.ISO8859-1/htdocs/security/security.xml head/share/xml/authors.ent Modified: head/en_US.ISO8859-1/htdocs/administration.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/administration.xml Wed Apr 24 18:33:03 2019 (r52957) +++ head/en_US.ISO8859-1/htdocs/administration.xml Fri Apr 26 19:16:46 2019 (r52958) @@ -167,7 +167,6 @@ <li>&a.joneum.email;</li> <li>&a.feld.email;</li> <li>&a.miwi.email;</li> - <li>&a.remko.email;</li> <li>&a.zi.email;</li> <li>&a.simon.email;</li> <li>&a.sbz.email;</li> @@ -197,7 +196,6 @@ <li>&a.blackend.email;</li> <li>&a.rgrimes.email;</li> <li>&a.delphij.email;</li> - <li>&a.remko.email; (Security Team Liaison)</li> <li>&a.hrs.email;</li> <li>&a.glebius.email;</li> <li>&a.marius.email; (Deputy Lead)</li> @@ -278,7 +276,6 @@ <li>&a.des.email; (Officer Emeritus)</li> <li>&a.gjb.email; (Cluster Administrators Team Liaison)</li> <li>&a.emaste.email; (Officer Deputy)</li> - <li>&a.remko.email; (Officer Deputy)</li> <li>&a.brooks.email; (Core Team Liaison)</li> </ul> Modified: head/en_US.ISO8859-1/htdocs/security/reporting.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/security/reporting.xml Wed Apr 24 18:33:03 2019 (r52957) +++ head/en_US.ISO8859-1/htdocs/security/reporting.xml Fri Apr 26 19:16:46 2019 (r52958) @@ -89,10 +89,6 @@ <td>Deputy Security Officer</td> </tr> <tr valign="top"> - <td>&a.remko.email;</td> - <td>Deputy Security Officer</td> - </tr> - <tr valign="top"> <td>&a.delphij.email;</td> <td>Security Officer Emeritus</td> </tr> Modified: head/en_US.ISO8859-1/htdocs/security/security.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/security/security.xml Wed Apr 24 18:33:03 2019 (r52957) +++ head/en_US.ISO8859-1/htdocs/security/security.xml Fri Apr 26 19:16:46 2019 (r52958) @@ -52,6 +52,44 @@ href="reporting.html">reporting FreeBSD security incidents</a> page.</p> + <a name="when-reporting"></a> + <h2>When is a Security Advisory considered?</h2> + + <p>For every issue that gets reported, an internal tracking number is + created, unless something is very obviously not a security issue. + To determine whether or not a Security Advisory is warranted we use + the following scheme:</p> + + <ul> + <li>Is it a privilege escalation vulnerability?</li> + <li>Is it a code injection vulnerability?</li> + <li>Is it a memory disclosure or dataleak vulnerability? + <ul> + <li>From either the kernel</li> + <li>From a privileged process</li> + <li>From a process owned by another user?</li> + </ul> + </li> + <li>Is it a Denial of Service vulnerability? + <ul> + <li>Only when remotely exploitable, where remotely means that it + comes from a different broadcast domain, so ARP and/or NDP based + attacks do not qualify.</li> + </ul> + </li> + <li>Is it an unassisted jailbreak vulnerability?</li> + <li>Is it a malfunction that could lead to generating insecure crypto keys, + such as a PRNG bug?</li> + </ul> + + <p>For items that fall under these categories, a Security Advisory is very likely. + Items that are not on this list are looked into individually and it will be determined + then whether or not it will receive a Security Advisory or an Errata Notice.</p> + + <p>Once it had been determined that a Security Advisory is warranted, either the + submitter delivers a CVE number if he/she already requested one, or we use one + from the FreeBSD pool available.</p> + <a name="recent"></a> <h2>Recent FreeBSD security vulnerabilities</h2> Modified: head/share/xml/authors.ent ============================================================================== --- head/share/xml/authors.ent Wed Apr 24 18:33:03 2019 (r52957) +++ head/share/xml/authors.ent Fri Apr 26 19:16:46 2019 (r52958) @@ -2662,7 +2662,7 @@ <!ENTITY a.so '&a.gordon;'> <!ENTITY a.so.email '&a.gordon.email;'> -<!ENTITY a.so-team '&a.delphij;, &a.des;, &a.gavin;, &a.gjb;, &a.glebius;, &a.remko;'> +<!ENTITY a.so-team '&a.delphij;, &a.des;, &a.emaste; &a.gavin;, &a.gjb;'> <!-- FreeBSD cluster entities --> <!ENTITY a.keymaster "Self-Serve SSH key changer">
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201904261916.x3QJGkwj071419>