cfd9e12239
- Move includes.nav*.sgml to share/sgml/navibar.ent and
<lang>/share/sgml/nabibar.l10n.ent.
- Move includes.sgml and includes.xsl to
share/sgml/common.ent, share/sgml/header.ent, <lang>/share/sgml/l10n.ent,
and <lang>?share/sgml/header.l10n.ent.
- Move most of XSLT libraries to share/sgml/*.xsl and
<lang>/share/sgml/*.xsl.
- Move news.xml and other *.xml files for the similar purpose
to share/sgml/*.xml and <lang>/share/sgml/*.xml.
- Switch to use a custom DTD for HTML document. Now we use
"-//FreeBSD//DTD HTML 4.01 Transitional-Based Extension", which is
HTML 4.01 + some entities previously pulled via
"<!ENTITY % includes SYSTEM "includes.sgml"> %includes;" line.
The location of entity file will be resolved by using catalog file.
- Add DOCTYPE declearation to XML documents. This makes the followings
possible:
* Use of &foo; entities for SGML in an XML file instead of defining
{$foo} as the same content.
* &symbolic; entities for Latin characters.
- Duplicated information between SGML and XML, or English and
translated doc, has been removed as much as possible.
100 lines
3.8 KiB
Text
100 lines
3.8 KiB
Text
<!DOCTYPE HTML PUBLIC "-//FreeBSD//DTD HTML 4.01 Transitional-Based Extension//EN" [
|
|
<!ENTITY base CDATA "..">
|
|
<!ENTITY date "$FreeBSD: www/en/security/charter.sgml,v 1.4 2005/10/04 16:14:41 simon Exp $">
|
|
<!ENTITY title "FreeBSD Security Officer Charter">
|
|
<!ENTITY % navinclude.support "INCLUDE">
|
|
]>
|
|
|
|
<html>
|
|
&header;
|
|
|
|
<h2>FreeBSD Security Officer Charter</h2>
|
|
<p>[ Accepted by -core February 2002 ]</p>
|
|
|
|
<h3>1. Introduction</h3>
|
|
|
|
<p>The FreeBSD Security Officer's mission is to protect the
|
|
FreeBSD user community by keeping the community informed of
|
|
bugs, exploits, popular attacks, and other risks; by acting as
|
|
a liaison on behalf of the FreeBSD Project with external
|
|
organizations regarding sensitive, non-public security issues;
|
|
and by promoting the distribution of information needed to
|
|
safely run FreeBSD systems, such as system administration and
|
|
programming tips.</p>
|
|
|
|
<h3>2. Responsibilities</h3>
|
|
|
|
<p>The responsibilities of the Security Officer include:</p>
|
|
|
|
<ul>
|
|
<li>Resolving disputes involving security.</li>
|
|
|
|
<li>Resolving software bugs that affect the security of FreeBSD
|
|
in a timely fashion.</li>
|
|
|
|
<li>Issuing security advisories for FreeBSD.</li>
|
|
|
|
<li>Responding to vendor inquiries regarding security issues.</li>
|
|
|
|
<li>Auditing as much code as possible, but particularly security-
|
|
and network- related code.</li>
|
|
|
|
<li>Monitoring the appropriate channels for reports of bugs,
|
|
exploits, and other circumstances that may affect the security
|
|
of a FreeBSD system.</li>
|
|
|
|
<li>Participating in the architecture of FreeBSD in order to
|
|
influence a positive impact on system security.</li>
|
|
|
|
<li>The Security Officer maintains the FreeBSD Security Officer PGP
|
|
key.</li>
|
|
</ul>
|
|
|
|
<h3>3. Authorities</h3>
|
|
|
|
<p>The FreeBSD Core Team has delegated authority to the Security
|
|
Officer in matters of security, and the Security Officer is
|
|
accountable to the Core Team in the use of this authority. He
|
|
is expected to act with common sense and use appropriate discretion
|
|
when using any of the appointed powers. Any actions that conflict
|
|
with the committers' guidelines require particularly careful
|
|
judgment.</p>
|
|
|
|
<p>Specifically, subject to the accountability constraints, the
|
|
Security Officer is granted the following powers:</p>
|
|
|
|
<ul>
|
|
<li>Expedited commits: The Security Officer may forgo the usual
|
|
committers' guidelines in areas of security.</li>
|
|
|
|
<li>Veto: The Security Officer has the final say in security
|
|
matters, and may request the back-out of any commits or
|
|
elimination of any subsystems that he considers detrimental
|
|
to the security of FreeBSD.</li>
|
|
|
|
<li>Team: The Security Officer may maintain a Security Officer Team
|
|
and delegate these powers and responsibilities at his discretion.
|
|
Membership is selected by the Security Officer, but always
|
|
includes emeritus security officers --- just when they thought
|
|
they had paid their dues.</li>
|
|
|
|
<li>Mailing list: The <a href="mailto:security-officer@FreeBSD.org">
|
|
security-officer@FreeBSD.org</a> mailing list is administrated by
|
|
the Security Officer.</li>
|
|
</ul>
|
|
|
|
<h3>4. Structure</h3>
|
|
|
|
<p>A new Security Officer is appointed by the previous Security
|
|
Officer and ratified by the Core Team. The Security Officer
|
|
is accountable to the Core Team.</p>
|
|
|
|
<p>The Security Officer Team members are selected by the Security
|
|
Officer, and they are accountable to the Security Officer and to the
|
|
Core Team. Security Officer Team members are expected to assist the
|
|
Security Officer in fulfilling his responsibilities and otherwise
|
|
participate in protecting the FreeBSD user community.</p>
|
|
|
|
&footer;
|
|
</body>
|
|
</html>
|