[Users] Security response policy

Barry De Graaff barrydg at zetalliance.org
Wed Apr 27 19:59:12 CEST 2016


Hello Adam,

Did you watch: https://youtu.be/-fMe5Xab11Y  ??
http://barrydegraaff.github.io/help/

The only thing you need to do is keep a copy of your generated keypair
some place safe.

If there are any more questions, please let me know.

Barry

----- Original Message -----
From: "Adam Cody" <ajcody at zetalliance.org>
To: "Barry De Graaff" <barrydg at zetalliance.org>
Cc: users at lists.zetalliance.org, devel at lists.zetalliance.org
Sent: Wednesday, April 27, 2016 18:23:17
Subject: Re: [Users] Security response policy

I've not used PGP much. Is this something that could use a short how-to posted somewhere? Just want to make sure the solution can scale and is easy for people to follow.

-Ajcody

----- Original Message -----
From: "Barry De Graaff" <barrydg at zetalliance.org>
To: users at lists.zetalliance.org, devel at lists.zetalliance.org
Sent: Tuesday, April 26, 2016 5:50:17 AM
Subject: [Users] Security response policy

Hello All,

For security response policy (for both the rpm/deb repo and the github) I was thinking
of keeping things simple and

Tell everybody that wants to get the URL to the packages repository to *subscribe* to the
users DL.

Further I would like to see that some of our github admins and the maintainers of the packages
repo share their pgp fingerprint.

So in case of somebody wanting to report a security issue, they can just send it pgp encrypted
to all the admins. Avoiding a central security@ account that may go unnoticed.

Then we need to make sure there are always enough admins not on holiday, knowing how to fix issues
if/when they should occur.

Any thoughts?


Barry



