The branch master has been updated
       via  77b2d58ef676a3ed2fcb3fbd5da51cc944d8d1d0 (commit)
      from  2c32fe9b46b1bb3381f40d465adac1614ea2f4c1 (commit)


- Log -----------------------------------------------------------------
commit 77b2d58ef676a3ed2fcb3fbd5da51cc944d8d1d0
Author: Tim Hudson <[email protected]>
Date:   Fri Nov 24 21:23:38 2017 +1000

    align policy wording with bylaws
    
    remove historical introduction text

-----------------------------------------------------------------------

Summary of changes:
 policies/secpolicy.html | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)

diff --git a/policies/secpolicy.html b/policies/secpolicy.html
index 5dbd624..d6c691c 100644
--- a/policies/secpolicy.html
+++ b/policies/secpolicy.html
@@ -19,11 +19,8 @@
 
            <h2>Introduction</h2>
 
-           <p>Recent flaws have captured the attention of the media
-           and highlighted how much of the internet infrastructure is
-           based on OpenSSL.  We've never published our policy on how
-           we internally handle security issues; that process being
-           based on experience and has evolved over the years.</p>
+           <p>Our policy on how we internally handle security issues
+           is based on experience and has evolved over the years.</p>
 
            <h2>Reporting security issues</h2>
 
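Review bot: After this change the "Introduction" section is a single sentence saying the policy "is based on experience and has evolved over the years", which no longer introduces what the document covers. Consider adding one sentence on the scope of the policy, or dropping the heading and folding the sentence into the next section.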
@@ -39,7 +36,7 @@
            When we are notified about an issue we engage resources
            within the OpenSSL team to investigate and prioritise it.
            We may also utilise resources from the employers of our team
-           members, as well as others we have worked with before.
+           members or committers, as well as others we have worked with before.
            </p>
 
            <h2>Background</h2>
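Review bot: In the added line "members or committers, as well as others we have worked with before." it is ambiguous whether "the employers of" also governs "committers" or whether committers themselves are the resource being used. This sentence describes who may be brought into a non-public issue, so the grouping should be explicit, for example "the employers of our team members and committers".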
@@ -101,7 +98,7 @@
            <p>This leads us to our policy for security issues notified
            to us or found by our team which are not yet public.</p>
 
-           <p>"private" means kept within the OpenSSL development
+           <p>"private" means kept within the OpenSSL management 
            team.</p>
 
            <p>We will determine the risk of each issue being addressed.
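Review bot: The added line defines "private" as kept within the "OpenSSL management team", while a later hunk in this same patch writes "OpenSSL Management Committee". Since this sentence sets the disclosure boundary for unpublished issues, use one name for the body in both places. The added line also ends with a trailing space.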
@@ -153,8 +150,8 @@
            </ul>
 
            <p>During the investigation of issues we may work with individuals
-           and organisations who are not on the development team.  We do this
-           because past experience has shown that they can add value to our
+           and organisations who are not on the OpenSSL Management Committee.  
+           We do this because past experience has shown that they can add 
value to our
            understanding of the issue and the ability to test patches.  In
            cases where protocols are affected this is the best way to
            mitigate the risk that a poorly reviewed update causes significant
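Review bot: Both added lines at the start of this paragraph end in trailing whitespace, and the second one ("We do this because past experience has shown that they can add value to our") is long enough that this notification wrapped it. Re-wrap the paragraph to the width of the surrounding lines and strip the trailing spaces.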
@@ -166,8 +163,8 @@
            <h2>Prenotification policy</h2>
 
            <p>Where we are planning an update that fixes security issues
-           we will notify the openssl-announce list and update the home
-           page to give our scheduled update release date and time and
+           we will notify the openssl-announce list and update the openssl
+           website to give our scheduled update release date and time and
            the severity of issues being fixed by the update.  No further
            information about the issues will be given.  This is to aid
            organisations that need to ensure they have staff available
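Review bot: The added text "update the openssl website" uses lowercase "openssl" for the project name, where the rest of the policy writes "OpenSSL", and it is less specific than the "home page" it replaces. Suggest "the OpenSSL website" and, if the notice has a fixed location, naming the page so readers who rely on prenotification know where to look.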
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
