Commit 76a8435

Updated security page
This just changes the reporter and gpg key. Anyone on the security team should install the key stored in gopass. I plan on revamping this page to include information about security fixes in releases but we need process updates first.
1 parent 495c268 commit 76a8435

1 file changed

Lines changed: 14 additions & 8 deletions

security/index.md

@@ -3,23 +3,29 @@ layout: page
33
title: Security
44
---
55

6-
This page describes how to report security vulnerabilities, both external or
7-
internal. If you have any question, please reach us on #voxpupuli on [Libera](https://web.libera.chat/?#voxpupuli).
6+
This page describes how to report security vulnerabilities, both external or internal.
7+
If you have any question, please reach us on `#voxpupuli` on [Libera](https://web.libera.chat/?#voxpupuli).
88

99
* TOC
1010
{:toc}
11+
{: class="alert alert-primary callout w-33" }
1112

1213
## Reporting security vulnerabilities
1314

14-
If you want to report any security vulnerability, please contact
15-
[Julien Pivotto](mailto:[email protected]). Julien's GPG key can be
16-
downloaded [here](0C7F187769D072B93B642BB9E484250533AE92DA.pub).
15+
If you want to report any security vulnerability, please contact our
16+
[security team](mailto:[email protected]).
17+
Feel free to encrypt communications using our [gpg key](https://keys.openpgp.org/search?q=security%40voxpupuli.org).
1718

18-
Julien's GPG key fingerprint is `0C7F 1877 69D0 72B9 3B64 2BB9 E484 2505 33AE 92DA`.
19+
```
20+
$ gpg --auto-key-locate keyserver --locate-keys [email protected]
21+
```
1922

20-
Here is a list of topics where the security officer can help you:
23+
Our GPG key fingerprint is `CA4C B6EE 8852 F95F B84B  834B 48A1 C23A FF60 2E9B`.
24+
25+
Here is a list of topics where the security team can help you:
2126

2227
* Report security vulnerabilities in our projects
28+
- modules, gems, OpenVox projects, etc
2329
* Report security vulnerabilities in third party projects we use (Ruby Gems)
2430
* Report security vulnerabilities in third party projects we are related to
2531
(projects we manage with our Puppet modules)
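
Review bot: The added `gpg --auto-key-locate keyserver --locate-keys` block (new lines 19-21) fetches whatever key the reporter's configured keyserver returns for that address, and the fingerprint on new line 23 is published with no instruction to compare the two. Suggest a sentence after the fingerprint asking reporters to check the fetched key with `gpg --fingerprint` before encrypting, and consider naming keys.openpgp.org in the command so it matches the link on new line 17. Two smaller points: the fingerprint has a double space between `B84B` and `834B`, and since only `security/index.md` changed, the old `0C7F187769D072B93B642BB9E484250533AE92DA.pub` file is presumably still in the repository although nothing links to it now; removing it in the same change would avoid anyone encrypting a report to the previous key.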
@@ -46,7 +52,7 @@ For our contributors, here are some good practices that we highly recommend.
4652
1. Respect the [Responsible disclosure][m] model.
4753

4854
Vox Pupuli is agile enough to address security vulnerabilities quickly.
49-
Still we encourage you to get in touch with the security officer that will
55+
Still we encourage you to get in touch with the security team that will
5056
help you to elaborate a good disclosure schedule and an appropriate answer.
5157

5258
1. Follow Vox Pupuli flows and practices
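
Review bot: On new line 55, swapping "officer" for "team" leaves "the security team that will help you to elaborate a good disclosure schedule", which reads as a restrictive clause and is awkward now that the subject is a group. Suggest "get in touch with the security team, who will help you work out a disclosure schedule and an appropriate response". It is also worth searching the rest of `security/index.md` for remaining "security officer" mentions, since the two hunks only show the occurrences that were changed.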
