Author: hwright
Date: Tue Jun 12 12:41:42 2012
New Revision: 1349302

URL: http://svn.apache.org/viewvc?rev=1349302&view=rev
Log:
Attempt to document how we handle security issues.  This just consolidates
existing content, introducing pointers where needed from other places.

* publish/security/index.html:
  Remove text, and point to issues#security.

* publish/docs/community-guide/releasing.part.html:
  Add section about security releases, pointing to issues#security.

* publish/docs/community-guide/issues.part.html:
  Add security section, with initial content copied from /security/index.html.

* publish/docs/community-guide/issues.toc.html:
  Add security section to Issues page ToC.

Modified:
    subversion/site/publish/docs/community-guide/issues.part.html
    subversion/site/publish/docs/community-guide/issues.toc.html
    subversion/site/publish/docs/community-guide/releasing.part.html
    subversion/site/publish/security/index.html

Modified: subversion/site/publish/docs/community-guide/issues.part.html
URL: 
http://svn.apache.org/viewvc/subversion/site/publish/docs/community-guide/issues.part.html?rev=1349302&r1=1349301&r2=1349302&view=diff
==============================================================================
--- subversion/site/publish/docs/community-guide/issues.part.html (original)
+++ subversion/site/publish/docs/community-guide/issues.part.html Tue Jun 12 
12:41:42 2012
@@ -396,4 +396,32 @@ release, so urgent issues would go there
 
 </div> <!-- issue-triage -->
 
+<div class="h2" id="security">
+<h2>How to Handle Security Issues
+  <a class="sectionlink" href="<!--#echo var="GUIDE_ISSUES_PAGE" -->#security"
+    title="Link to this section">&para;</a>
+</h2>
+
+<div class="bigpoint">
+
+<p>This document is for information about how Subversion developers respond to
+security issues.  To report an issue, please see the <a href="/security/">
+Security reporting instructions</a>.</p>
+
+</div>
+
+<p>Subversion's first job is keeping your data safe.  To do that, the
+Subversion development community takes security very seriously.  One way we
+demonstrate this is by not pretending to be cryptography or security experts.
+Rather than writing a bunch of proprietary security mechanisms for Subversion,
+we prefer instead to teach Subversion to interoperate with security libraries
+and protocols provided by those with knowledge of that space.  For example,
+Subversion defers wire encryption to the likes of OpenSSL.  It defers
+authentication and basic authorization to those mechanisms provided by Cyrus
+SASL or by the Apache HTTP Server and its rich collection of modules.  To the
+degree that we can leverage the knowledge of security experts by using the
+third-party libraries and APIs they provide, we will continue to do so.</p>
+
+</div> <!-- security -->
+
 </div> <!-- issues -->
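
Review bot: The heading "How to Handle Security Issues" and the bigpoint text ("how Subversion developers respond to security issues") promise a response procedure, but the only body paragraph is the statement about deferring to OpenSSL, Cyrus SASL and the Apache HTTP Server. Either add the handling steps to this section or, until they exist, retitle it or say that the process details are still to come. Otherwise the pointers added in releasing.part.html and /security/index.html lead to a section without the content they announce.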

Modified: subversion/site/publish/docs/community-guide/issues.toc.html
URL: 
http://svn.apache.org/viewvc/subversion/site/publish/docs/community-guide/issues.toc.html?rev=1349302&r1=1349301&r2=1349302&view=diff
==============================================================================
--- subversion/site/publish/docs/community-guide/issues.toc.html (original)
+++ subversion/site/publish/docs/community-guide/issues.toc.html Tue Jun 12 
12:41:42 2012
@@ -4,6 +4,7 @@
   <li><a href="#bugs-where">Where to report a bug</a></li>
   <li><a href="#milestones">Milestone management</h1></li>
   <li><a href="#issue-triage">Issue triage</a></li>
+  <li><a href="#security">Security</a></li>
 </ul>
 <!--#else -->
 <ul>
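
Review bot: The unchanged "Milestone management" entry just above the added line closes its anchor with </h1> instead of </a>, so the new Security item is appended to a list whose markup is already broken; the second list in this file has the same mismatch. Since this change touches both lists, correct the closing tag to </a> here or in a follow-up commit.
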
@@ -11,5 +12,6 @@
   <li><a href="issues.html#bugs-where">Where to report a bug</a></li>
   <li><a href="issues.html#milestones">Milestone management</h1></li>
   <li><a href="issues.html#issue-triage">Issue triage</a></li>
+  <li><a href="issues.html#security">Security</a></li>
 </ul>
 <!--#endif -->
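
Review bot: The added ToC entry is labelled "Security", while the section it links to is headed "How to Handle Security Issues" in issues.part.html. Consider using the same wording for the heading and for the entry in both ToC lists, so a reader can match the entry to the section.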

Modified: subversion/site/publish/docs/community-guide/releasing.part.html
URL: 
http://svn.apache.org/viewvc/subversion/site/publish/docs/community-guide/releasing.part.html?rev=1349302&r1=1349301&r2=1349302&view=diff
==============================================================================
--- subversion/site/publish/docs/community-guide/releasing.part.html (original)
+++ subversion/site/publish/docs/community-guide/releasing.part.html Tue Jun 12 
12:41:42 2012
@@ -314,6 +314,18 @@ compatibility questions:</p>
 
 </div> <!-- release-compat -->
 
+<div class="h3" id="security-releases">
+<h3>Security releases
+  <a class="sectionlink" href="<!--#echo var="GUIDE_RELEASING_PAGE" 
-->#security-releases"
+    title="Link to this section">&para;</a>
+</h3>
+
+<p>Occasionally, security releases are reported or discovered in the Subversion
+which warrant special treatment.  The general release process is the same, and
+details of how the developers treat these issues is covered <a 
href="issues.html#security">elsewhere</a>.</p>
+
+</div> <!-- security-releases -->
+
 <div class="h3" id="custom-releases">
 <h3>Custom releases
   <a class="sectionlink" href="<!--#echo var="GUIDE_RELEASING_PAGE" 
-->#custom-releases"
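
Review bot: The first sentence of the added paragraph does not parse: "security releases are reported or discovered in the Subversion which warrant special treatment" should presumably read "security issues are reported or discovered in Subversion which warrant special treatment". In the next sentence, "details ... is covered" should be "details ... are covered", and the link text "elsewhere" would be clearer if it named the target, for example "in the Issues section on security".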

Modified: subversion/site/publish/security/index.html
URL: 
http://svn.apache.org/viewvc/subversion/site/publish/security/index.html?rev=1349302&r1=1349301&r2=1349302&view=diff
==============================================================================
--- subversion/site/publish/security/index.html (original)
+++ subversion/site/publish/security/index.html Tue Jun 12 12:41:42 2012
@@ -30,18 +30,8 @@
 
 </div> <!-- .bigpoint -->
 
-<p>The Subversion development community takes security very seriously.
-   One way we demonstrate this is by not pretending to be cryptography
-   or security experts.  Rather than writing a bunch of proprietary
-   security mechanisms for Subversion, we prefer instead to teach
-   Subversion to interoperate with security libraries and protocols
-   provided by those with knowledge of that space.  For example,
-   Subversion defers wire encryption to the likes of OpenSSL.  It
-   defers authentication and basic authorization to those mechanisms
-   provided by Cyrus SASL or by the Apache HTTP Server and its rich
-   collection of modules.  To the degree that we can leverage the
-   knowledge of security experts by using the third-party libraries
-   and APIs they provide, we will continue to do so.</p>
+<p>To learn more about how the Subversion development team treats discovered
+and reported security vulnerabilities, please visit the <a 
href="/docs/community-guide/issues.html#security">Security section</a> of the 
Community Guide.</p>
 
 <h2 id="advisories">Previous Security Advisories
   <a class="sectionlink" href="#advisories"

