changes to add the Application Engineer

git-svn-id: 14b1bab8-4ef6-0310-b690-991c95c89dfd
Ian Grigg 15 years ago
parent 64286af4bc
commit a66e571ab4

@ -4,6 +4,42 @@
<meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8">
<title>Security Policy</title>
<style type="text/css">
body {
font-family : verdana, helvetica, arial, sans-serif;
th {
text-align : left;
.q {
color : green;
font-weight: bold;
text-align: center;
.error {
color : red;
font-weight: bold;
text-align: center;
.change {
color : blue;
font-weight: bold;
a:hover {
color : gray;
<body lang="en-GB">
@ -11,7 +47,14 @@
<p><a href="PolicyOnPolicy.html"><img src="Images/cacert-draft.png" alt="CAcert Security Policy Status == wip" border="0"></a>
Creation date: 20090216<br>
Status: <b>DRAFT 20090327</b>
Status: <b>DRAFT 20090327</b><br><br>
Changes: WIP 20090915<br>
<span class="change">work-in-progress additions are in BLUE</b>
(unvoted / nonbinding)<br>
work-in-progress deletions are </span> <s>struck-out in black</s>
<span class="change">but still DRAFT/binding</span> <br>
<span class="q">some random comments in GREEN added</span> <br>
<h2><a name="1">1.</a> INTRODUCTION</h2>
@ -49,6 +92,8 @@ These roles are directly covered:
Support Engineers
Software Assessors
</li><li class="change">
Application Engineers
<h4><a name="1.1.2">1.1.2.</a> Out of Scope </h4>
@ -102,6 +147,14 @@ deriving from the above principles.
See &sect;1.1.
<dt class="change"><i>Application Engineer</i> </dt>
<dd class="change">
A Member who manages the critical application,
including installing them on the critical system,
final testing, emergency patching, and ad hoc scripting.
See &sect;x.x.
<dt><i>Software Assessor</i> </dt>
A Member who reviews patches for security and workability,
@ -440,25 +493,42 @@ independent of filed disputes.
<h3><a name="3.3"> 3.3.</a> Application </h3>
<p class="change">
Systems administration is to provide a limited environment
to Applications Engineers in order to install and maintain
the application.
<ul class="q">
<li> insert SSH / non-unix in SM? </li>
<li> move all below to &sect;7 </li>
Software assessment takes place on various test systems
(not a critical system). See &sect;7.
Once offered by Software Assessment (team),
system administration team leader has to
approve the installation of each release or patch.
Any changes made to source code must be referred
back to software assessment team
and installation needs to be deferred
until approved by the Software Assessment Team.
Requests to systems administration for ad hoc queries
over the database for business or similar purposes
must be approved by the Arbitrator.
<h3><a name="3.4"> 3.4.</a> Access control </h3>
@ -518,8 +588,8 @@ authorisations on the below access control lists
<td>systems administration team leader</td>
<td>Repository Access List</td>
<td>Software Assessors</td>
<td>change the source code repository</td>
<td><span class="change">Application Engineers</span><s>Software Assessors</s></td>
<td>change the source code repository <span class="change">and install patches to application</change></td>
<td>exclusive with Access Engineers and systems administrators</td>
<td>software assessment team leader</td>
@ -568,12 +638,16 @@ Access to Accounts
must be strictly controlled.
Passphrases and SSH private keys used for entering into the systems
will be kept private
to CAcert sysadmins in all cases.
to CAcert sysadmins
<span class="change">and Application Engineers</span>
in all cases.
<h5> <a name=""></a> Authorized users </h5>
Only System Administrators designated on the Access Lists
Only System Administrators
<span class="change">and Application Engineers</span>
designated on the Access Lists
in &sect;3.4.2 are authorized to access accounts,
unless specifically directed by the Arbitrator.
@ -825,7 +899,7 @@ infrastructure is not available.
Software assessment team is responsible
for the security of the code.
for the security <span class="change">and maintenance</span> of the code.
<h3> <a name="7.1"> 7.1. </a> Authority </h3>
@ -838,7 +912,7 @@ See &sect;3.4.2.
<h3> <a name="7.2"> 7.2. </a> Tasks </h3>
The primary tasks are:
The primary tasks <span class="change">for Software Assessors</span> are:
Keep the code secure in its operation,
@ -847,7 +921,7 @@ The primary tasks are:
Audit, Verify and sign-off proposed patches,
Guide Systems Administration team in inserting patches,
<s>Guide Systems Administration team in inserting patches,</s>
Provide guidance for architecture,
@ -857,6 +931,27 @@ Software assessment is not primarily tasked to write the code.
In principle, anyone can submit code changes for approval.
<p class="change">
The primary tasks for Application Engineers are:
<ol class="change"><li>
Installing signed-off patches,
Verifying correct running,
Correcting immediate errors and copying fixes back to
upstream repositories,
Running ad-hoc database scripts and other programs,
Repairing data errors,
Backing up at the database level,
Watching application-level logs.
<h3> <a name="7.3"> 7.3. </a> Repository </h3>
@ -866,6 +961,26 @@ in a central repository that is run by the
software assessment team.
<ul class="q">
<li> is this something that can be and is being run by systems administration team? </li>
<li> Or are their two, the test one and the critical one? </li>
<li> Like this: </li>
<p class="change">
The development code and testing patches are maintained
in a central development repository that is run by the
software assessment team.
<p class="change">
The production code is maintained in a secure production repository
within the critical systems that is run by the
systems administation team.
Access is made available to the Application Engineers.
<h3> <a name="7.4"> 7.4. </a> Review </h3>
@ -895,10 +1010,30 @@ Bug submission access should be provided to
any Member that requests it.
<h3> <a name="7.6"> 7.6. </a> Handover </h3>
<h3> <a name="7.6"> 7.6. </a> <s>Handover</s> <span class="change">Production</span> </h3>
<p class="change">
Application Engineers are roles within Software Assessment
team that are approved to install into production the
patches that are signed off.
Once signed off, the Application Engineer
commits the patch from the development repository
to the production repository,
and installs the patch from the production repository
into the running code.
The Application Engineer is responsible for basic
testing of functionality and emergency fixes,
which then must be back-installed into the repositories.
<p class="change">
Requests to Application Engineers for ad hoc queries over the database for business or similar purposes must be approved by the Arbitrator.
Once signed off, software assessment (team leader)
Once signed off,
software assessment (team leader)
coordinates with systems administration (team leader)
to offer the upgrade.
Upgrade format is to be negotiated,
@ -906,21 +1041,26 @@ but systems administration naturally has the last word.
Software Assessors are not to have access
to the critical systems, providing a dual control
at the teams level.
If compilation and/or other processing of the
application source code in the version control system
is necessary to deploy the application,
detailed installation instructions should also be
maintained in the version control system and offered to the
System Administrators.
Systems administrators copy the patches securely
from the software assessment repository
onto the critical machine.
See &sect;3.3.
@ -1013,6 +1153,7 @@ or Case Managers.
<li> Access Engineer: responsible for controlling access to hardware, and maintaining hardware. </li>
<li> System administrator: responsible for maintaining core services and integrity. </li>
<li> Software Assessor: maintain the code base and confirm security ("sign-off") of patches and releases.</li>
<li class="change"> Application Engineer: install application updates and confirm basic working.</li>
<li> Support Engineer: human interface with users.</li>
<li> Team leaders: coordinate with teams, report to Board.</li>
<li> All: respond to Arbitrator's rulings on changes. Respond to critical security issues. Observe.</li>
@ -1080,7 +1221,7 @@ The background check should be done on all of:
<li> Systems Administrator </li>
<li> Access Engineers </li>
<li> Software Assessor </li>
<li> Software Assessor <span class="change"> (including Application Engineer)</span></li>
<li> Support Engineer </li>
<li> Board </li>