|
|
@ -801,13 +801,13 @@ Additions to the team are approved by Board
|
|
|
|
The primary tasks are:
|
|
|
|
The primary tasks are:
|
|
|
|
</p>
|
|
|
|
</p>
|
|
|
|
<ol><li>
|
|
|
|
<ol><li>
|
|
|
|
Keep the code secure,
|
|
|
|
Keep the code secure in its operation,
|
|
|
|
</li><li>
|
|
|
|
</li><li>
|
|
|
|
Fix security bugs, including incidents,
|
|
|
|
Fix security bugs, including incidents,
|
|
|
|
</li><li>
|
|
|
|
</li><li>
|
|
|
|
Audit, Verify and sign-off proposed patches,
|
|
|
|
Audit, Verify and sign-off proposed patches,
|
|
|
|
</li><li>
|
|
|
|
</li><li>
|
|
|
|
Assist Systems Administration team in inserting patches,
|
|
|
|
Guide Systems Administration team in inserting patches,
|
|
|
|
</li><li>
|
|
|
|
</li><li>
|
|
|
|
Provide guidance for architecture,
|
|
|
|
Provide guidance for architecture,
|
|
|
|
</li></ol>
|
|
|
|
</li></ol>
|
|
|
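Review bot: In the task list, changing "Assist Systems Administration team in inserting patches" to "Guide Systems Administration team in inserting patches" leaves it unstated who actually applies a patch. If the intent is that Software Development advises and Systems Administration performs the insertion, say so directly in that item so the separation of duties is explicit. In the first item, "Keep the code secure in its operation" narrows the task to runtime behaviour; if security of the source itself is meant to be covered by the audit and sign-off item, a short cross-reference would make that clear.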
@ -821,25 +821,21 @@ In principle, anyone can submit code changes for approval.
|
|
|
|
<h3> <a name="7.3"> 7.3. </a> Repository </h3>
|
|
|
|
<h3> <a name="7.3"> 7.3. </a> Repository </h3>
|
|
|
|
|
|
|
|
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
The application code and patches are maintained in a
|
|
|
|
The application code and patches are maintained
|
|
|
|
central version control system by the
|
|
|
|
in a central repository that is run by the
|
|
|
|
software development team.
|
|
|
|
software development team.
|
|
|
|
</p>
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
<p>
|
|
|
|
|
|
|
|
The integrity of the central version control system
|
|
|
|
|
|
|
|
is crucial for the integrity of the applications running
|
|
|
|
|
|
|
|
on the critical systems.
|
|
|
|
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<h3> <a name="7.4"> 7.4. </a> Review </h3>
|
|
|
|
<h3> <a name="7.4"> 7.4. </a> Review </h3>
|
|
|
|
|
|
|
|
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
Patches are signed off by the team leader
|
|
|
|
At the minimum,
|
|
|
|
|
|
|
|
patches are signed off by the team leader
|
|
|
|
or his designated reviewer.
|
|
|
|
or his designated reviewer.
|
|
|
|
Each software change should be reviewed
|
|
|
|
Each software change should be reviewed
|
|
|
|
by a person other than the author.
|
|
|
|
by a person other than the author.
|
|
|
|
Author and sign-off must be logged.
|
|
|
|
Author and signers-off must be logged.
|
|
|
|
|
|
|
|
The riskier the source is, the more reviews have to be done.
|
|
|
|
</p>
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
<h3> <a name="7.5"> 7.5. </a> Test and Bugs </h3>
|
|
|
|
<h3> <a name="7.5"> 7.5. </a> Test and Bugs </h3>
|
|
|
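Review bot: In 7.3, the paragraph stating that the integrity of the central version control system is crucial for the integrity of the applications on the critical systems is removed with no replacement, so the section no longer gives any reason or requirement for protecting the repository. Keep the sentence, or replace it with a concrete requirement on the repository. In 7.4, "The riskier the source is, the more reviews have to be done" gives no criteria for what makes a source risky or how many reviews are needed, and "At the minimum" is not followed by what goes beyond the minimum. Suggest defining both here or pointing to where they are defined. "Author and signers-off must be logged" would also benefit from naming where the log is kept.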
@ -853,9 +849,10 @@ Test status of each patch must be logged.
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
Software Development team maintains a bug system.
|
|
|
|
Software Development team maintains a bug system.
|
|
|
|
Primary communications should go through this system.
|
|
|
|
Primary communications should go through this system.
|
|
|
|
Access should be granted to all software developers,
|
|
|
|
Management access should be granted to all software developers,
|
|
|
|
systems administrators, and patch contributors.
|
|
|
|
and systems administrators.
|
|
|
|
Access may be granted to other Members.
|
|
|
|
Bug submission access should be provided to
|
|
|
|
|
|
|
|
any Member that requests it.
|
|
|
|
</p>
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
<h3> <a name="7.6"> 7.6. </a> Handover </h3>
|
|
|
|
<h3> <a name="7.6"> 7.6. </a> Handover </h3>
|
|
|
|
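Review bot: In 7.5, "Management access" is not defined, and the new wording drops "patch contributors" from the list that previously had access, leaving them only bug submission access on request, and only if they are Members. If that reduction is intended, state it; otherwise restore "patch contributors" to the list. The comma before "and systems administrators" is left over from the old three-item list and can be removed.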