Update to reflect reality:

1. The security-officer alias goes to three people, not four; there is
one member of the core team on the alias, not two.
2. Our set of close working relationships includes DragonFlyBSD as well
as the older BSDs.
3. We usually commit security fixes to HEAD and the security branches
(nearly) simultaneously; there is no longer a significant lag between
disclosure-via-CVS and the advisory being sent out.

With hat:	secteam
Colin Percival 2005-03-06 10:42:17 +00:00
parent 5f1aab61e1
commit 48eb2ae5ce
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/www/; revision=24002


@ -1,11 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" [
<!ENTITY base CDATA "..">
<!ENTITY date "$FreeBSD: www/en/security/security.sgml,v 1.169 2005/01/20 15:13:35 nectar Exp $">
<!ENTITY date "$FreeBSD: www/en/security/security.sgml,v 1.170 2005/01/25 19:24:09 nectar Exp $">
<!ENTITY title "FreeBSD Security Information">
<!ENTITY % includes SYSTEM "../includes.sgml"> %includes;
<!ENTITY advisories.html.inc SYSTEM "advisories.html.inc">
]>
<!-- $FreeBSD: www/en/security/security.sgml,v 1.169 2005/01/20 15:13:35 nectar Exp $ -->
<!-- $FreeBSD: www/en/security/security.sgml,v 1.170 2005/01/25 19:24:09 nectar Exp $ -->
<html>
&header;
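Review bot: nothing to review in this hunk beyond confirming it is keyword expansion: the two `<!ENTITY date ...>` lines and the two `<!-- $FreeBSD ... $ -->` comments differ only in the `$FreeBSD$` revision (1.169 of 2005/01/20 to 1.170 of 2005/01/25, both by nectar), which CVS rewrites on commit. Note that 1.170 predates this 2005-03-06 commit, so it reflects the previous revision of the file, not this change; no manual edit of those lines should be needed.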
@ -62,9 +62,9 @@ Officer</A> with a description of what you have found and the type of
vulnerability it represents.</P>
<p>In order that the FreeBSD Project may respond to vulnerability
reports in a timely manner, there are four members of the Security
reports in a timely manner, there are three members of the Security
Officer mail alias: the Security Officer, the Deputy Security Officer,
and two Core Team members. Therefore, messages sent to the
and one Core Team member. Therefore, messages sent to the
<a
href="mailto:security-officer@FreeBSD.org">&lt;security-officer@FreeBSD.org&gt;</a>
mail alias are currently delivered to:</p>
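Review bot: the count in this paragraph is changed from four members (two Core Team members) to three (one Core Team member), but the sentence ends with "mail alias are currently delivered to:" and the recipient list that follows is outside the hunk. Please confirm the list itself is updated in the same commit so it names exactly three people; otherwise the prose and the list will disagree.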
@ -134,7 +134,8 @@ severity.</p>
<p>The FreeBSD Security Officer has close working relationships
with a number of other organizations, including third-party vendors
that share code with FreeBSD (the OpenBSD and NetBSD projects,
that share code with FreeBSD (the OpenBSD, NetBSD and
DragonFlyBSD projects,
Apple, and other vendors deriving software from FreeBSD, as well
as the Linux vendor security list), as well as organizations
that track vulnerabilities and security incidents, such as CERT.
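Review bot: minor style point on the new line "that share code with FreeBSD (the OpenBSD, NetBSD and": the rest of this sentence uses a serial comma ("Apple, and other vendors"), so for consistency write "the OpenBSD, NetBSD, and DragonFlyBSD projects". The line break after "and" is harmless in SGML but splitting the parenthetical mid-list makes the source harder to read; keeping the three project names on one line would be clearer.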
@ -160,16 +161,6 @@ that if the vulnerability is being actively discussed in public forums
choose not to follow a proposed disclosure timeline in order to
provide maximum protection for the user community.</p>
<p>Submitters should be aware that the FreeBSD Project is an open
source project, and source revision control information for every
change made to the FreeBSD source tree is publicly accessible. If a
disclosure schedule is provided, it should take into account both the
official release of advisory, patch, and update information, as well
as initial inclusion of fixes in the FreeBSD source tree. There is
necessarily a lag between the inclusion of fixes in the tree and the
generation and releases of advisories, patches, and binary updates, as
the source control system is used to generate them.</p>
<p>Submissions may be protected using PGP. If desired, responses will
also be protected using PGP.</p>
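Review bot: the commit message only disputes the claim that there is a significant lag between the commit and the advisory, but this hunk removes the whole "Submitters should be aware..." paragraph, including the points that FreeBSD's revision control history is public and that a proposed disclosure schedule should account for initial inclusion of fixes in the source tree. Those remain true even with no lag, since the commit itself is public disclosure. Suggest keeping a shortened version, e.g. "Submitters should be aware that the FreeBSD source tree is public; a fix committed to the tree is visible immediately, and any disclosure schedule should account for this." rather than deleting the paragraph outright.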
@ -282,12 +273,6 @@ branch's support being dropped earlier than the date listed.</P>
<P>Older releases are not maintained and users are strongly encouraged
to upgrade to one of the supported releases mentioned above.</P>
<P>Like all development efforts, security fixes are first brought into
the <A HREF="../doc/en_US.ISO8859-1/books/handbook/cutting-edge.html#CURRENT">FreeBSD-current</A> branch.
After a couple of days and some testing, the fix is retrofitted into
the supported FreeBSD-stable branch(es) and an advisory is then sent
out.</P>
<P>Some statistics about advisories released during 2002:</P>
<UL>
<LI>44 advisories of varying severity were issued for the base system.</LI>
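Review bot: if the "Like all development efforts, security fixes are first brought into ... FreeBSD-current ... After a couple of days and some testing, the fix is retrofitted into the supported FreeBSD-stable branch(es)" paragraph is removed without replacement, the page no longer states where security fixes are committed at all. Since the commit message says fixes now go to HEAD and the security branches (nearly) simultaneously, suggest replacing the paragraph with that statement instead of deleting it, e.g. "Security fixes are committed to FreeBSD-current and to the supported security branches at (nearly) the same time, and an advisory is sent out with them." Separately, the "Some statistics about advisories released during 2002" section left in context is stale for a page being edited in 2005; worth a follow-up.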