<li> 20100421: reviewed and dropped the BLUE changes that introduced AE, etc. </li>
<li> 20100411: rewrote the critical roles to align with ABC requirement, dropped Board. </li>
<li><big><u>20100404: status changes to WIP</u></big><br/>
<li><big>20100404: status changes to WIP</big><br/>
<spanclass="q"> Security Policy is no longer binding, as of 20100404</span></li>
<li> 20901213: addition of WIP changes </li>
<li> 20090327: status change to DRAFT <ahref="http://wiki.cacert.org/PolicyDecisions#p20090327">p20090327</a>. </li>
</ul>
<p>
WIP Changes are all marked in <spanclass="change">BLUE</span> or <spanclass="change"><s>struck-out</s>.</span>
WIP Changes are all marked in <spanclass="change">BLUE</span> or <spanclass="strike">struck-out</span>.
Explanatory comments in <spanclass="q">GREEN</span> are not part of text.<br/>
</p>
<pclass="q"> Start of Policy</p>
<hr>
<hr/>
<h1>Security Policy for CAcert Systems</h1>
<!-- Absolute URL because the policies are located absolutely. -->
@ -70,12 +71,12 @@ Explanatory comments in <span class="q">GREEN</span> are not part of text.<br />
Editor: iang<br/>
Status: <b>WIP <ahref="https://community.cacert.org/board/motions.php?motion=m20100327.2">m20100327.2</a></b> as of 20100404 00:00:02 UTC<br/><br/>
</td><tdalign="right">
<ahref="http://www.cacert.org/policy/PolicyOnPolicy.php"><imgalign="right"src="Images/cacert-wip.png"alt="Security Policy Status == WIP"border="0"></a>
<ahref="http://www.cacert.org/policy/PolicyOnPolicy.php"><img src="Images/cacert-wip.png"alt="Security Policy Status == WIP"style="border-width:0"/></a>
</td></table>
<h2><aname="1">1.</a> INTRODUCTION</h2>
<h2id="1">1. INTRODUCTION</h2>
<h3><aname="1.1">1.1.</a> Motivation and Scope </h3>
<h3id="s1.1">1.1. Motivation and Scope </h3>
<p>
This Security Policy sets out the policy
for the secure operation of the CAcert critical computer systems.
@ -217,8 +218,10 @@ The SM says how things are done.
As practices are things that vary from time to time,
including between each event of practice,
the SM is under the direct control of the
<spanclass="strike">
Systems Administration team
</span>
<spanclass="change">
<s>Systems Administration team</s>
applicable team leaders.
</span>
It is located and version-controlled on the CAcert wiki.
@ -393,7 +396,7 @@ Arbitrator must be sought as soon as possible.
The Application Engineer is a role within Software Assessment
team that is approved to install into production the
patches that are signed off.
<s>
<span class="strike">
Once signed off, the Application Engineer
commits the patch from the development repository
to the production repository,
@ -1017,7 +1020,7 @@ into the running code.
The Application Engineer is responsible for basic
testing of functionality and emergency fixes,
which then must be back-installed into the repositories.
</s>
</span>
</p>
<pclass="change">
@ -1349,7 +1352,7 @@ Components may be outsourced.
Team leaders may outsource non-critical components
on notifying the Board.
Critical components must be approved by the Board.
<p>
</p>
<p>
Any outsourcing arrangements must be documented.
@ -1429,7 +1432,7 @@ Relevant and helpful Documents should be referenced for convenience.
<hr>
<ahref="http://validator.w3.org/check?uri=referer"><imgsrc="Images/valid-html401-blue.png"id="graphics2"alt="Valid HTML 4.01"align="right"border="0" height="33"width="90"></a>
<hr/>
<ahref="http://validator.w3.org/check?uri=referer"><imgsrc="Images/valid-html401-blue.png"id="graphics2"alt="Valid HTML 4.01"border="0"style="float: right; border-width: 0" height="33"width="90"/></a>
<pclass="q">This is the end of the Security Policy.</p>