[Users] [Devel] Security response policy
Truong Anh Tuan
tuanta at iwayvietnam.com
Wed Apr 27 18:27:02 CEST 2016
On 04/26/2016 04:50 PM, Barry De Graaff wrote:
> Hello All,
>
> For security response policy (for both the rpm/deb repo and the github) I was thinking
> of keeping things simple and
>
> Tell everybody that wants to get the URL to the packages repository to *subscribe* to the
> users DL.
>
> Further I would like to see that some of our github admins and the maintainers of the packages
> repo share their pgp fingerprint.
>
> So in case of somebody wanting to report a security issue, they can just send it pgp encrypted
> to all the admins. Avoiding a central security@ account that may go unnoticed.
>
> Then we need to make sure there are always enough admins not on holiday, knowing how to fix issues
> if/when they should occur.
+1 for OpenPGP.
Here are my OpenPGP keys:
https://keys.fedoraproject.org/pks/lookup?search=0xEF8D50BF&op=vindex
--
Rgds,
Tuan