svn commit: r44315 - head/en_US.ISO8859-1/books/handbook/security

Fri Mar 21 18:12:31 UTC 2014

Author: dru
Date: Fri Mar 21 18:12:30 2014
New Revision: 44315
URL: http://svnweb.freebsd.org/changeset/doc/44315

Log:
  Finish editorial review of Security Advisory section.
  
  Sponsored by: iXsystems

Modified:
  head/en_US.ISO8859-1/books/handbook/security/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml
==============================================================================

--- head/en_US.ISO8859-1/books/handbook/security/chapter.xml	Fri Mar 21 17:58:12 2014	(r44314)
+++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml	Fri Mar 21 18:12:30 2014	(r44315)
@@ -3172,13 +3172,29 @@ You are advised to update or deinstall t
       <primary>&os; Security Advisories</primary>
     </indexterm>
 
-    <para>Like many production quality operating systems, &os;
-      publishes <quote>Security Advisories</quote>.  These
-      advisories are usually mailed to the security lists and noted
-      in the Errata only after the appropriate releases have been
-      patched.  This section explains what an advisory is, how to
-      understand it, and what measures to take in order to patch a
-      system.</para>
+    <para>Like many producers of quality operating systems, the &os;
+      Project has a security team which is responsible for
+      determining the End-of-Life (<acronym>EoL</acronym>) date for each
+      &os; release and to provide security updates for supported
+      releases which have not yet reached their
+      <acronym>EoL</acronym>.  More information about the &os;
+      security team and the supported releases is available on the
+      <link xlink:href="&url.base;/security">&os; security
+	page</link>.</para>
+
+    <para>One task of the security team is to respond to reported
+      security vulnerabilities in the &os; operating system.  Once a
+      vulnerability is confirmed, the security team verifies the steps
+      necessary to fix the vulnerability and updates the source code
+      with the fix.  It then publishes the details as a
+      <quote>Security Advisory</quote>.  Security
+      advisories are published on the <link
+	xlink:href="&url.base;/security/advisories.html">&os; website</link>
+      and mailed to the &a.security-notifications.name;,
+      &a.security.name;, and &a.announce.name; mailing lists.</para>  
+
+      <para>This section describes the format of a &os;
+	security advisory.</para>
 
     <sect2>
       <title>What Does an Advisory Look Like?</title>
