See CCS See also SP7.6 "Handover". Pt 1: OS/external patches are SP3.2. Pt 2: Application patches are SP3.3. Primary application on online core server handles Member information. As this is designated a critical server, then changes are fully covered by software control provisions in SP. Pt 3: Policies are located at www.cacert.org/policy/ on the online core server, as Pt 2. Pt 3: Incoming mail to support is maintained by infrastructure systems and is not necessarily under SP. This is an acceptable risk, but should be looked at in the future. There is no good general outgoing mail communications facility to Members. The online core server has a mailout facility but it is not adequate to task. CA runs a number of other "open" channels for community work: blog, svn, wiki. None of these are designated critical and are considered outside CCS, as an acceptable risk. However this area bears watching. The blog is customarily used for security and other announcements. The svn is used to store DRAFT policies in their finalising period.