review of section 7

git-svn-id: http://svn.cacert.org/CAcert/Policies@1194 14b1bab8-4ef6-0310-b690-991c95c89dfd
Ian Grigg 2009-03-04 21:51:20 +00:00
parent e66491d7cb
commit 209542acc6

@ -801,13 +801,13 @@ Additions to the team are approved by Board
The primary tasks are: The primary tasks are:
</p> </p>
<ol><li> <ol><li>
Keep the code secure, Keep the code secure in its operation,
</li><li> </li><li>
Fix security bugs, including incidents, Fix security bugs, including incidents,
</li><li> </li><li>
Audit, Verify and sign-off proposed patches, Audit, Verify and sign-off proposed patches,
</li><li> </li><li>
Assist Systems Administration team in inserting patches, Guide Systems Administration team in inserting patches,
</li><li> </li><li>
Provide guidance for architecture, Provide guidance for architecture,
</li></ol> </li></ol>
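Review bot: In the fourth list item, replacing "Assist" with "Guide" changes which team leads but still does not say who performs and is accountable for inserting a patch. State it directly, for example that Systems Administration installs the patch following instructions from Software Development. In the first item, "secure in its operation" could be read as excluding the security of the code while it is stored and reviewed; if that narrowing is intended, say so in the commit message.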
@ -821,25 +821,21 @@ In principle, anyone can submit code changes for approval.
<h3> <a name="7.3"> 7.3. </a> Repository </h3> <h3> <a name="7.3"> 7.3. </a> Repository </h3>
<p> <p>
The application code and patches are maintained in a The application code and patches are maintained
central version control system by the in a central repository that is run by the
software development team. software development team.
</p> </p>
<p>
The integrity of the central version control system
is crucial for the integrity of the applications running
on the critical systems.
</p>
<h3> <a name="7.4"> 7.4. </a> Review </h3> <h3> <a name="7.4"> 7.4. </a> Review </h3>
<p> <p>
Patches are signed off by the team leader At the minimum,
patches are signed off by the team leader
or his designated reviewer. or his designated reviewer.
Each software change should be reviewed Each software change should be reviewed
by a person other than the author. by a person other than the author.
Author and sign-off must be logged. Author and signers-off must be logged.
The riskier the source is, the more reviews have to be done.
</p> </p>
<h3> <a name="7.5"> 7.5. </a> Test and Bugs </h3> <h3> <a name="7.5"> 7.5. </a> Test and Bugs </h3>
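Review bot: In 7.3 the paragraph stating that the integrity of the central version control system is crucial for the applications on the critical systems is deleted with no replacement, so the section no longer says anything about repository integrity; keep it or replace it with a concrete requirement. In 7.4, "The riskier the source is, the more reviews have to be done" gives no definition of "source" or of risk and no number of reviews, so it cannot be checked; name the criteria and a minimum for each. "At the minimum" also sits awkwardly next to "should be reviewed by a person other than the author": say whether the independent review is part of the minimum.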
@ -853,9 +849,10 @@ Test status of each patch must be logged.
<p> <p>
Software Development team maintains a bug system. Software Development team maintains a bug system.
Primary communications should go through this system. Primary communications should go through this system.
Access should be granted to all software developers, Management access should be granted to all software developers,
systems administrators, and patch contributors. and systems administrators.
Access may be granted to other Members. Bug submission access should be provided to
any Member that requests it.
</p> </p>
<h3> <a name="7.6"> 7.6. </a> Handover </h3> <h3> <a name="7.6"> 7.6. </a> Handover </h3>
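Review bot: "Management access" in the third sentence of this paragraph is not defined, and patch contributors are removed from the access list without being mentioned again, so it is unclear whether a contributor can update bugs on their own patches or only submit them. Define what management access allows and state the contributors' access explicitly. Style: drop the comma before "and systems administrators".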