From a66e571ab4264fba182f4dedb04842664ce9ffa5 Mon Sep 17 00:00:00 2001
From: Ian Grigg <iang@cacert.org>
Date: Wed, 23 Sep 2009 22:29:58 +0000
Subject: [PATCH] changes to add the Application Engineer

git-svn-id: http://svn.cacert.org/CAcert/Policies@1698 14b1bab8-4ef6-0310-b690-991c95c89dfd
---
 SecurityPolicy.html | 163 +++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 152 insertions(+), 11 deletions(-)

diff --git a/SecurityPolicy.html b/SecurityPolicy.html
index 49842cf..1a78fa9 100644
--- a/SecurityPolicy.html
+++ b/SecurityPolicy.html
@@ -4,6 +4,42 @@
  <head>
  <meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8">
  <title>Security Policy</title>
+
+<style type="text/css">
+<!--
+body {
+	font-family : verdana, helvetica, arial, sans-serif;
+}
+
+th {
+	text-align : left;
+}
+
+.q {
+	color : green;
+	font-weight: bold;
+	text-align: center;
+	font-style:italic;
+}
+
+.error {
+	color : red;
+	font-weight: bold;
+	text-align: center;
+	font-style:italic;
+}
+
+.change {
+	color : blue;
+	font-weight: bold;
+}
+
+a:hover {
+	color : gray;
+}
+-->
+</style>
+
 </head>
 <body lang="en-GB">
 
@@ -11,7 +47,14 @@
 <p><a href="PolicyOnPolicy.html"><img src="Images/cacert-draft.png" alt="CAcert Security Policy Status == wip" border="0"></a>
 <br>
 Creation date: 20090216<br>
-Status: <b>DRAFT 20090327</b>
+Status: <b>DRAFT 20090327</b><br><br>
+
+Changes: WIP 20090915<br>
+<span class="change">work-in-progress additions are in BLUE</b>
+    (unvoted / nonbinding)<br>
+work-in-progress deletions are </span> <s>struck-out in black</s>
+<span class="change">but still DRAFT/binding</span> <br>
+<span class="q">some random comments in GREEN added</span> <br>
 </p>
 
 <h2><a name="1">1.</a> INTRODUCTION</h2>
@@ -49,6 +92,8 @@ These roles are directly covered:
       Support Engineers
     </li><li>
       Software Assessors
+    </li><li class="change">
+      Application Engineers
 </li></ul>
 
 <h4><a name="1.1.2">1.1.2.</a> Out of Scope </h4>
@@ -102,6 +147,14 @@ deriving from the above principles.
     See &sect;1.1.
 </dd>
 
+<dt class="change"><i>Application Engineer</i> </dt>
+<dd class="change">
+    A Member who manages the critical application,
+    including installing them on the critical system,
+    final testing, emergency patching, and ad hoc scripting.
+    See &sect;x.x.
+</dd>
+
 <dt><i>Software Assessor</i> </dt>
 <dd>
     A Member who reviews patches for security and workability,
@@ -440,25 +493,42 @@ independent of filed disputes.
 
 <h3><a name="3.3"> 3.3.</a> Application </h3>
 
+<p class="change">
+Systems administration is to provide a limited environment
+to Applications Engineers in order to install and maintain
+the application.
+</p>
+
+<ul class="q">
+   <li> insert SSH / non-unix in SM? </li>
+   <li> move all below to &sect;7 </li>
+</ul>
+
 <p>
+<s>
 Software assessment takes place on various test systems
 (not a critical system). See &sect;7.
 Once offered by Software Assessment (team),
 system administration team leader has to
 approve the installation of each release or patch.
+</s>
 </p>
 
 <p>
+<s>
 Any changes made to source code must be referred
 back to software assessment team
 and installation needs to be deferred
 until approved by the Software Assessment Team.
+</s>
 </p>
 
 <p>
+<s>
 Requests to systems administration for ad hoc queries
 over the database for business or similar purposes
 must be approved by the Arbitrator.
+</s>
 </p>
 
 <h3><a name="3.4"> 3.4.</a> Access control </h3>
@@ -518,8 +588,8 @@ authorisations on the below access control lists
   <td>systems administration team leader</td>
  </tr><tr>
   <td>Repository Access List</td>
-  <td>Software Assessors</td>
-  <td>change the source code repository</td>
+  <td><span class="change">Application Engineers</span><s>Software Assessors</s></td>
+  <td>change the source code repository <span class="change">and install patches to application</change></td>
   <td>exclusive with Access Engineers and systems administrators</td>
   <td>software assessment team leader</td>
 </tr></table>
@@ -568,12 +638,16 @@ Access to Accounts
 must be strictly controlled.
 Passphrases and SSH private keys used for entering into the systems
 will be kept private
-to CAcert sysadmins in all cases.
+to CAcert sysadmins
+<span class="change">and Application Engineers</span>
+in all cases.
 </p>
 
 <h5> <a name="4.1.1.1">4.1.1.1.</a> Authorized users </h5>
 <p>
-Only System Administrators designated on the Access Lists
+Only System Administrators
+<span class="change">and Application Engineers</span>
+designated on the Access Lists
 in &sect;3.4.2 are authorized to access accounts,
 unless specifically directed by the Arbitrator.
 </p>
@@ -825,7 +899,7 @@ infrastructure is not available.
 
 <p>
 Software assessment team is responsible
-for the security of the code.
+for the security <span class="change">and maintenance</span> of the code.
 </p>
 
 <h3> <a name="7.1"> 7.1. </a> Authority </h3>
@@ -838,7 +912,7 @@ See &sect;3.4.2.
 
 <h3> <a name="7.2"> 7.2. </a> Tasks </h3>
 <p>
-The primary tasks are:
+The primary tasks <span class="change">for Software Assessors</span> are:
 </p>
 <ol><li>
     Keep the code secure in its operation,
@@ -847,7 +921,7 @@ The primary tasks are:
   </li><li>
     Audit, Verify and sign-off proposed patches,
   </li><li>
-    Guide Systems Administration team in inserting patches,
+    <s>Guide Systems Administration team in inserting patches,</s>
   </li><li>
     Provide guidance for architecture,
 </li></ol>
@@ -857,6 +931,27 @@ Software assessment is not primarily tasked to write the code.
 In principle, anyone can submit code changes for approval.
 </p>
 
+<p class="change">
+The primary tasks for Application Engineers are:
+</p>
+<ol class="change"><li>
+    Installing signed-off patches,
+  </li><li>
+    Verifying correct running,
+  </li><li>
+    Correcting immediate errors and copying fixes back to
+    upstream repositories,
+  </li><li>
+    Running ad-hoc database scripts and other programs,
+  </li><li>
+    Repairing data errors,
+  </li><li>
+    Backing up at the database level,
+  </li><li>
+    Watching application-level logs.
+</li></ol>
+
+
 
 <h3> <a name="7.3"> 7.3. </a> Repository </h3>
 
@@ -866,6 +961,26 @@ in a central repository that is run by the
 software assessment team.
 </p>
 
+
+<ul class="q">
+    <li> is this something that can be and is being run by systems administration team? </li>
+    <li> Or are their two, the test one and the critical one? </li>
+    <li> Like this: </li>
+</ul>
+
+<p class="change">
+The development code and testing patches are maintained
+in a central development repository that is run by the
+software assessment team.
+</p>
+
+<p class="change">
+The production code is maintained in a secure production repository
+within the critical systems that is run by the
+systems administation team.
+Access is made available to the Application Engineers.
+</p>
+
 <h3> <a name="7.4"> 7.4. </a> Review </h3>
 
 <p>
@@ -895,10 +1010,30 @@ Bug submission access should be provided to
 any Member that requests it.
 </p>
 
-<h3> <a name="7.6"> 7.6. </a> Handover </h3>
+<h3> <a name="7.6"> 7.6. </a> <s>Handover</s> <span class="change">Production</span> </h3>
+
+<p class="change">
+Application Engineers are roles within Software Assessment
+team that are approved to install into production the
+patches that are signed off.
+Once signed off, the Application Engineer
+commits the patch from the development repository
+to the production repository,
+and installs the patch from the production repository
+into the running code.
+The Application Engineer is responsible for basic
+testing of functionality and emergency fixes,
+which then must be back-installed into the repositories.
+</p>
+
+<p class="change">
+Requests to Application Engineers for ad hoc queries over the database for business or similar purposes must be approved by the Arbitrator. 
+</p>
 
 <p>
-Once signed off, software assessment (team leader)
+<s>
+Once signed off,
+software assessment (team leader)
 coordinates with systems administration (team leader)
 to offer the upgrade.
 Upgrade format is to be negotiated,
@@ -906,21 +1041,26 @@ but systems administration naturally has the last word.
 Software Assessors are not to have access
 to the critical systems, providing a dual control
 at the teams level.
+</s>
 </p>
 
 <p>
+<s>
 If compilation and/or other processing of the
 application source code in the version control system
 is necessary to deploy the application,
 detailed installation instructions should also be
 maintained in the version control system and offered to the
 System Administrators.
+</s>
 </p>
 
 <p>
+<s>
 Systems administrators copy the patches securely
 from the software assessment repository
 onto the critical machine.
+</s>
 See &sect;3.3.
 </p>
 
@@ -1013,6 +1153,7 @@ or Case Managers.
     <li> Access Engineer: responsible for controlling access to hardware, and maintaining hardware. </li>
     <li> System administrator: responsible for maintaining core services and integrity. </li>
     <li> Software Assessor: maintain the code base and confirm security ("sign-off") of patches and releases.</li>
+    <li class="change"> Application Engineer: install application updates and confirm basic working.</li>
     <li> Support Engineer: human interface with users.</li>
     <li> Team leaders: coordinate with teams, report to Board.</li>
     <li> All: respond to Arbitrator's rulings on changes. Respond to critical security issues. Observe.</li>
@@ -1080,7 +1221,7 @@ The background check should be done on all of:
 <ul>
     <li> Systems Administrator </li>
     <li> Access Engineers </li>
-    <li> Software Assessor </li>
+    <li> Software Assessor <span class="change"> (including Application Engineer)</span></li>
     <li> Support Engineer </li>
     <li> Board </li>
 </ul>