[openssl-commits] [web] master update
Tim Hudson
tjh at openssl.org
Fri Nov 24 11:24:22 UTC 2017
The branch master has been updated
via 77b2d58ef676a3ed2fcb3fbd5da51cc944d8d1d0 (commit)
from 2c32fe9b46b1bb3381f40d465adac1614ea2f4c1 (commit)
- Log -----------------------------------------------------------------
commit 77b2d58ef676a3ed2fcb3fbd5da51cc944d8d1d0
Author: Tim Hudson <tjh at cryptsoft.com>
Date: Fri Nov 24 21:23:38 2017 +1000
align policy wording with bylaws
remove historical introduction text
-----------------------------------------------------------------------
Summary of changes:
policies/secpolicy.html | 19 ++++++++-----------
1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/policies/secpolicy.html b/policies/secpolicy.html
index 5dbd624..d6c691c 100644
--- a/policies/secpolicy.html
+++ b/policies/secpolicy.html
@@ -19,11 +19,8 @@
<h2>Introduction</h2>
- <p>Recent flaws have captured the attention of the media
- and highlighted how much of the internet infrastructure is
- based on OpenSSL. We've never published our policy on how
- we internally handle security issues; that process being
- based on experience and has evolved over the years.</p>
+ <p>Our policy on how we internally handle security issues
+ is based on experience and has evolved over the years.</p>
<h2>Reporting security issues</h2>
@@ -39,7 +36,7 @@
When we are notified about an issue we engage resources
within the OpenSSL team to investigate and prioritise it.
We may also utilise resources from the employers of our team
- members, as well as others we have worked with before.
+ members or committers, as well as others we have worked with before.
</p>
<h2>Background</h2>
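Review bot: The added line "members or committers, as well as others we have worked with before" can be read two ways: as the employers of team members and of committers, or as the employers of team members plus the committers themselves. If the first is meant, "the employers of our team members and committers" removes the ambiguity. The unchanged line above still says "within the OpenSSL team", so it is also worth stating whether committers count as part of that team.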
@@ -101,7 +98,7 @@
<p>This leads us to our policy for security issues notified
to us or found by our team which are not yet public.</p>
- <p>"private" means kept within the OpenSSL development
+ <p>"private" means kept within the OpenSSL management
team.</p>
<p>We will determine the risk of each issue being addressed.
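Review bot: The new definition of "private" names "the OpenSSL management team", while a later hunk in this same patch uses "OpenSSL Management Committee". This sentence sets who may see issues that are not yet public, so it should use the one formal name in both places, for example "kept within the OpenSSL Management Committee". The commit message says the wording is being aligned with the bylaws, so whichever term the bylaws define is the one to use here.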
@@ -153,8 +150,8 @@
</ul>
<p>During the investigation of issues we may work with individuals
- and organisations who are not on the development team. We do this
- because past experience has shown that they can add value to our
+ and organisations who are not on the OpenSSL Management Committee.
+ We do this because past experience has shown that they can add value to our
understanding of the issue and the ability to test patches. In
cases where protocols are affected this is the best way to
mitigate the risk that a poorly reviewed update causes significant
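Review bot: The second added line, "We do this because past experience has shown that they can add value to our", runs well past the wrap width of the surrounding paragraph; please rewrap the paragraph so the source stays consistent. Separately, with the boundary now drawn at the OpenSSL Management Committee, committers who are not on the committee fall under "individuals and organisations who are not on" it; if that is intended, a short mention would keep this paragraph consistent with the earlier sentence that names committers.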
@@ -166,8 +163,8 @@
<h2>Prenotification policy</h2>
<p>Where we are planning an update that fixes security issues
- we will notify the openssl-announce list and update the home
- page to give our scheduled update release date and time and
+ we will notify the openssl-announce list and update the openssl
+ website to give our scheduled update release date and time and
the severity of issues being fixed by the update. No further
information about the issues will be given. This is to aid
organisations that need to ensure they have staff available
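Review bot: "the openssl website" in the added lines is lower-case, while the rest of the page writes the project name as "OpenSSL" (the list name "openssl-announce" is an identifier and is fine as it is); suggest "the OpenSSL website". Replacing "home page" with the website as a whole also makes it less clear where a reader should look for the scheduled release date and severity, so naming the page or section that carries the notice would help.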