Remove myself as so-deputy. It had been a journey. Thanks all!
This commit is contained in:
parent
01ce8998b7
commit
e08d682f8a
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=52958
4 changed files with 39 additions and 8 deletions
|
@ -167,7 +167,6 @@
|
|||
<li>&a.joneum.email;</li>
|
||||
<li>&a.feld.email;</li>
|
||||
<li>&a.miwi.email;</li>
|
||||
<li>&a.remko.email;</li>
|
||||
<li>&a.zi.email;</li>
|
||||
<li>&a.simon.email;</li>
|
||||
<li>&a.sbz.email;</li>
|
||||
|
@ -197,7 +196,6 @@
|
|||
<li>&a.blackend.email;</li>
|
||||
<li>&a.rgrimes.email;</li>
|
||||
<li>&a.delphij.email;</li>
|
||||
<li>&a.remko.email; (Security Team Liaison)</li>
|
||||
<li>&a.hrs.email;</li>
|
||||
<li>&a.glebius.email;</li>
|
||||
<li>&a.marius.email; (Deputy Lead)</li>
|
||||
|
@ -278,7 +276,6 @@
|
|||
<li>&a.des.email; (Officer Emeritus)</li>
|
||||
<li>&a.gjb.email; (Cluster Administrators Team Liaison)</li>
|
||||
<li>&a.emaste.email; (Officer Deputy)</li>
|
||||
<li>&a.remko.email; (Officer Deputy)</li>
|
||||
<li>&a.brooks.email; (Core Team Liaison)</li>
|
||||
</ul>
|
||||
|
||||
|
|
|
@ -88,10 +88,6 @@
|
|||
<td>&a.emaste.email;</td>
|
||||
<td>Deputy Security Officer</td>
|
||||
</tr>
|
||||
<tr valign="top">
|
||||
<td>&a.remko.email;</td>
|
||||
<td>Deputy Security Officer</td>
|
||||
</tr>
|
||||
<tr valign="top">
|
||||
<td>&a.delphij.email;</td>
|
||||
<td>Security Officer Emeritus</td>
|
||||
|
|
|
@ -52,6 +52,44 @@
|
|||
href="reporting.html">reporting FreeBSD security incidents</a>
|
||||
page.</p>
|
||||
|
||||
<a name="when-reporting"></a>
|
||||
<h2>When is a Security Advisory considered?</h2>
|
||||
|
||||
<p>For every issue that gets reported, an internal tracking number is
|
||||
created, unless something is very obviously not a security issue.
|
||||
To determine whether or not a Security Advisory is warranted we use
|
||||
the following scheme:</p>
|
||||
|
||||
<ul>
|
||||
<li>Is it a privilege escalation vulnerability?</li>
|
||||
<li>Is it a code injection vulnerability?</li>
|
||||
<li>Is it a memory disclosure or dataleak vulnerability?
|
||||
<ul>
|
||||
<li>From either the kernel</li>
|
||||
<li>From a privileged process</li>
|
||||
<li>From a process owned by another user?</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>Is it a Denial of Service vulnerability?
|
||||
<ul>
|
||||
<li>Only when remotely exploitable, where remotely means that it
|
||||
comes from a different broadcast domain, so ARP and/or NDP based
|
||||
attacks do not qualify.</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>Is it an unassisted jailbreak vulnerability?</li>
|
||||
<li>Is it a malfunction that could lead to generating insecure crypto keys,
|
||||
such as a PRNG bug?</li>
|
||||
</ul>
|
||||
|
||||
<p>For items that fall under these categories, a Security Advisory is very likely.
|
||||
Items that are not on this list are looked into individually and it will be determined
|
||||
then whether or not it will receive a Security Advisory or an Errata Notice.</p>
|
||||
|
||||
<p>Once it had been determined that a Security Advisory is warranted, either the
|
||||
submitter delivers a CVE number if he/she already requested one, or we use one
|
||||
from the FreeBSD pool available.</p>
|
||||
|
||||
<a name="recent"></a>
|
||||
<h2>Recent FreeBSD security vulnerabilities</h2>
|
||||
|
||||
|
|
|
@ -2662,7 +2662,7 @@
|
|||
<!ENTITY a.so '&a.gordon;'>
|
||||
<!ENTITY a.so.email '&a.gordon.email;'>
|
||||
|
||||
<!ENTITY a.so-team '&a.delphij;, &a.des;, &a.gavin;, &a.gjb;, &a.glebius;, &a.remko;'>
|
||||
<!ENTITY a.so-team '&a.delphij;, &a.des;, &a.emaste; &a.gavin;, &a.gjb;'>
|
||||
|
||||
<!-- FreeBSD cluster entities -->
|
||||
<!ENTITY a.keymaster "Self-Serve SSH key changer">
|
||||
|
|
Loading…
Reference in a new issue