Refactor Security page for further clarity, and break

into sections that can be directly linked. PR: 213526 Submitted by: linimon Sponsored by: The FreeBSD Foundation
svn path=/head/; revision=49578
2016-10-25 16:35:19 +00:00 · 2016-10-25 16:35:19 +00:00 · 3c9459ebbc · 2020-12-08 03:00:23 +00:00
commit 3c9459ebbc
parent b072c41993
1 changed files with 90 additions and 71 deletions
--- a/en_US.ISO8859-1/htdocs/security/security.xml
+++ b/en_US.ISO8859-1/htdocs/security/security.xml
@ -21,6 +21,20 @@
    possible. This page will provide information about what to do in
    the event of a security vulnerability affecting your system</p>
  <h2>Table of Contents</h2>
  <ul>
    <li><a href="#reporting">Reporting FreeBSD security
 	incidents</a></li> <li><a href="#recent">Recent FreeBSD
 	security vulnerabilities</a></li>
    <li><a href="#advisories">Understanding FreeBSD security
 	advisories</a></li> <li><a href="#how">How to update your
 	system</a></li>
    <li><a href="#sup">Supported FreeBSD releases</a></li>
    <li><a href="#model">The FreeBSD support model</a></li>
  </ul>
  <a name="reporting"></a>
  <h2>Reporting FreeBSD security incidents</h2>
  <p>FreeBSD security issues specific to the base system
@ -36,18 +50,56 @@
      href="reporting.html">reporting FreeBSD security incidents</a>
    page.</p>
  <h2>Table of Contents</h2>
  <ul>
    <li><a href="#recent">Recent FreeBSD security vulnerabilities</a></li>
    <li><a href="#how">How to update your system</a></li>
  </ul>
  <a name="recent"></a>
  <h2>Recent FreeBSD security vulnerabilities</h2>
-  <p>A full list of all security vulnerabilities can be found <a
+  <p>A full list of all security vulnerabilities affecting the base
-      href="advisories.html">on this page</a>.</p>
+    system can be found <a href="advisories.html">on this
      page</a>.</p>
  <a name="advisories"></a>
  <h2>Understanding FreeBSD security advisories</h2>
  <p>Advisories affecting the base system are sent to the following
    mailing lists:</p>
  <ul>
    <li>FreeBSD-security-notifications@FreeBSD.org</li>
    <li>FreeBSD-security@FreeBSD.org</li>
    <li>FreeBSD-announce@FreeBSD.org</li>
  </ul>
  <p>The list of released advisories can be found on the <a
      href="advisories.html">FreeBSD Security Advisories</a> page.</p>
  <p>Advisories are always signed using the FreeBSD Security Officer
    <a href="so_public_key.asc">PGP key</a> and are archived, along
    with their associated patches, at the <a
      href="http://security.FreeBSD.org/">http://security.FreeBSD.org/</a>
    web server in the <a
      href="http://security.FreeBSD.org/advisories/">advisories</a>
    and <a href="http://security.FreeBSD.org/patches/">patches</a>
    subdirectories.</p>
  <p>The FreeBSD Security Officer provides security advisories for
    <em>-STABLE Branches</em> and the <em>Security Branches</em>.
    (Advisories are not issued for the <em>-CURRENT Branch</em>,
    which is primarily oriented towards &os; developers.)</p>
  <ul>
    <li><p>The -STABLE branch tags have
 	names like <tt>stable/10</tt>.  The corresponding builds have
      names like <tt>FreeBSD 10.1-STABLE</tt>.</p></li>
    <li><p>Each FreeBSD Release has an associated Security Branch.
 	The Security Branch tags have names like <tt>releng/10.1</tt>.
      The corresponding builds have names like <tt>FreeBSD
      10.1-RELEASE-p4</tt>.</p></li>
  </ul>
  <p>Issues affecting the FreeBSD Ports Collection are covered separately in <a
      href="http://vuxml.FreeBSD.org/">the FreeBSD VuXML
      document</a>.</p>
  <a name="how"></a>
  <h2>How to update your system</h2>
@ -70,6 +122,9 @@
  <a name="sup"></a>
  <h2>Supported FreeBSD releases</h2>
  <p>Each release is supported by the Security Officer for a limited
    time only.</p>
  <p>The designation and expected lifetime of all currently supported
    branches
    and their respective releases
@ -78,19 +133,10 @@
    branch or release will end.  Please note that these dates may be
    pushed back if circumstances warrant it.</p>
-  <p>Effective &os;&nbsp;11.0-RELEASE, the support model has been
+  <p>Older releases are not maintained and users are strongly
-    changed to allow more rapid development while also providing
+    encouraged to upgrade to one of the supported releases mentioned
-    timely security updates for all supported releases.</p>
+    above.  A list of unsupported releases can be found <a
-
+      href="unsupported.html">here</a>.</p>
  <p>Under the new support model, each major version's stable branch
    is explicitly supported for 5 years, while each individual point
    release is only supported for three months after the next point
    release.</p>
  <p>The details and rationale behind this change can be found in the
      <a
 	href="https://lists.freebsd.org/pipermail/freebsd-announce/2015-February/001624.html">official
 	announcement</a> sent in February 2015.</p>
  <!--
      Please also update head/en_US.ISO8859-1/htdocs/releng/index.xml
@ -162,57 +208,36 @@
    </tr>
  </table>
-  <p>Older releases are not maintained and users are strongly
+  <p>In the run-up to a release, a number of -BETA
-    encouraged to upgrade to one of the supported releases mentioned
+    and -RC releases may be published for testing purposes.  These releases are only
-    above.  A list of unsupported releases can be found <a
+    supported for a few weeks, as resources permit, and will not be
-      href="unsupported.html">here</a>.</p>
+    listed as supported on this page.  Users are strongly discouraged
    from running these releases on production systems.</p>
-  <p>Advisories are sent to the following FreeBSD mailing lists:</p>
+  <a name="model"></a>
-  <ul>
+  <h2>The FreeBSD support model</h2>
    <li>FreeBSD-security-notifications@FreeBSD.org</li>
    <li>FreeBSD-security@FreeBSD.org</li>
    <li>FreeBSD-announce@FreeBSD.org</li>
  </ul>
-  <p>The list of released advisories can be found on the <a
+  <p>Effective &os;&nbsp;11.0-RELEASE, the support model has been
-      href="advisories.html">FreeBSD Security Advisories</a> page.</p>
+    changed to allow more rapid development while also providing
    timely security updates for all supported releases.</p>
-  <p>Advisories are always signed using the FreeBSD Security Officer
+  <p>Under the new support model, each major version's stable branch
-    <a href="so_public_key.asc">PGP
+    is explicitly supported for 5 years, while each individual point
-      key</a> and are archived, along with their associated patches, at
+    release is only supported for three months after the next point
-    the <a href="http://security.FreeBSD.org/">http://security.FreeBSD.org/</a>
+    release.</p>
    web server in the <a
      href="http://security.FreeBSD.org/advisories/">advisories</a> and <a
      href="http://security.FreeBSD.org/patches/">patches</a>
    subdirectories.</p>
-  <p>The FreeBSD Security Officer provides security advisories for
+  <p>The details and rationale behind this change can be found in the
-    <em>-STABLE Branches</em> and the <em>Security Branches</em>.
+      <a
-    (Advisories are not issued for the <em>-CURRENT Branch</em>.)</p>
+	href="https://lists.freebsd.org/pipermail/freebsd-announce/2015-February/001624.html">official
 	announcement</a> sent in February 2015.</p>
-  <ul>
+  <p>Previously, branches were designated as either <em>Normal</em> or
-    <li><p>The -STABLE branch tags have
+    <em>Extended</em>.  The designation was used as a guideline for
 	names like <tt>stable/10</tt>.  The corresponding builds have
      names like <tt>FreeBSD 10.1-STABLE</tt>.</p></li>
    <li><p>Each FreeBSD Release has an associated Security Branch.
 	The Security Branch tags have names like <tt>releng/10.1</tt>.
      The corresponding builds have names like <tt>FreeBSD
      10.1-RELEASE-p4</tt>.</p></li>
  </ul>
  <p>Issues affecting the FreeBSD Ports Collection are covered in <a
      href="http://vuxml.FreeBSD.org/">the FreeBSD VuXML
      document</a>.</p>
  <p>Each branch is supported by the Security Officer for a limited
    time only, and is designated as either <em>Normal</em> or
    <em>Extended</em>.  The designation is used as a guideline for
    determining the lifetime of the branch as follows:</p>
  <dl>
    <dt>Normal</dt>
-    <dd>Releases which are published from a -STABLE branch will be
+    <dd>Releases which are published from a -STABLE branch were
      supported by the Security Officer for a minimum of 12 months after the
      release, and for sufficient additional time (if needed) to ensure
      that there is a newer release for at least 3 months before the
@ -220,18 +245,12 @@
    </dd>
    <dt>Extended</dt>
    <dd>Selected releases (normally every second release plus the last
-      release from each -STABLE branch) will be supported by the
+      release from each -STABLE branch) were supported by the
      Security Officer for a minimum of 24 months after the release,
      and for sufficient additional time (if needed) to ensure that
      there is a newer Extended release for at least 3 months before the
      older Extended release expires.
    </dd>
  </dl>
  <p>In the run-up to a Normal or Extended release, a number of -BETA
    and -RC releases may be published.  These releases are only
    supported for a few weeks, as resources permit, and will not be
    listed as supported on this page.  Users are strongly discouraged
    from running these releases on production systems.</p>
 </body>
 </html>