[Users] Security response policy
Adam Cody
ajcody at zetalliance.org
Wed Apr 27 18:23:17 CEST 2016
I've not used PGP much. Is this something that could use a short how-to posted somewhere ? Just want to make sure the solution that can scale and easy for people to follow.
-Ajcody
----- Original Message -----
From: "Barry De Graaff" <barrydg at zetalliance.org>
To: users at lists.zetalliance.org, devel at lists.zetalliance.org
Sent: Tuesday, April 26, 2016 5:50:17 AM
Subject: [Users] Security response policy
Hello All,
For security response policy (for both the rpm/deb repo and the github) I was thinking
of keeping things simple and
Tell everybody that want to get the URL to the packages repository to *subscribe* to the
users DL.
Further I would like to see that some of our github admins and the maintainers of the packages
repo share their pgp fingerprint.
So in case of somebody wanting to report a security issue, they can just send it pgp encrypted
to all the admins. Avoiding a central security@ account that may go unnoticed.
Then we need to make sure there is always enough admins not on holiday, knowing how to fix issues
if/when then should occur.
Any thoughts?
Barry
More information about the Users
mailing list