mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2024-12-27 00:09:26 -05:00
Merge branch 'security-report'
This commit is contained in:
commit
3dbfa3e218
@ -31,16 +31,37 @@ important project security pages:
|
|||||||
|
|
||||||
## Reporting Security Issues in Qubes OS
|
## Reporting Security Issues in Qubes OS
|
||||||
|
|
||||||
If you believe you have found a security issue affecting Qubes OS, either
|
<div class="alert alert-warning" role="alert">
|
||||||
directly or indirectly (e.g., the issue affects Xen in a configuration that is
|
<i class="fa fa-exclamation-circle"></i>
|
||||||
used in Qubes OS), then we would be more than happy to hear from you! Please
|
<b>Please note:</b> The Qubes security team email address is intended for
|
||||||
send a [PGP-encrypted](#security-team-pgp-key) email to the [Qubes Security
|
<b>responsible disclosure</b> by security researchers and others who discover
|
||||||
Team](#qubes-security-team). We promise to take all reported issues seriously.
|
legitimate security vulnerabilities. It is <b>not</b> intended for everyone
|
||||||
If our investigation confirms that an issue affects Qubes, we will patch it
|
who suspects they've been hacked. Please <b>do not</b> attempt to contact the
|
||||||
within a reasonable time and release a public [Qubes Security Bulletin
|
Qubes security team unless you can <b>demonstrate</b> an actual security
|
||||||
(QSB)](/security/qsb/) that describes the issue, discusses the potential impact
|
vulnerability or unless the team will be able to take reasonable steps to
|
||||||
of the vulnerability, references applicable patches or workarounds, and credits
|
verify your claims.
|
||||||
the discoverer.
|
</div>
|
||||||
|
|
||||||
|
If you've discovered a security issue affecting Qubes OS, either directly or
|
||||||
|
indirectly (e.g., the issue affects Xen in a configuration that is used in
|
||||||
|
Qubes OS), then we would be more than happy to hear from you! We promise to
|
||||||
|
take all reported issues seriously. If our investigation confirms that an issue
|
||||||
|
affects Qubes, we will patch it within a reasonable time and release a public
|
||||||
|
[Qubes Security Bulletin (QSB)](/security/qsb/) that describes the issue,
|
||||||
|
discusses the potential impact of the vulnerability, references applicable
|
||||||
|
patches or workarounds, and credits the discoverer. Please use the [Qubes
|
||||||
|
security team PGP
|
||||||
|
key](https://keys.qubes-os.org/keys/qubes-os-security-team-key.asc) to encrypt
|
||||||
|
your email to this address:
|
||||||
|
|
||||||
|
```
|
||||||
|
security at qubes-os dot org
|
||||||
|
```
|
||||||
|
|
||||||
|
This key is signed by the [Qubes Master Signing
|
||||||
|
Key](https://keys.qubes-os.org/keys/qubes-master-signing-key.asc). Please see
|
||||||
|
[verify signatures](/security/verifying-signatures/) for information about how
|
||||||
|
to authenticate these keys.
|
||||||
|
|
||||||
## Security Updates
|
## Security Updates
|
||||||
|
|
||||||
@ -66,21 +87,7 @@ and the Qubes OS Project. In particular, the QST is responsible for:
|
|||||||
|
|
||||||
As a security-oriented operating system, the QST is fundamentally important to
|
As a security-oriented operating system, the QST is fundamentally important to
|
||||||
Qubes, and every Qubes user implicitly trusts the members of the QST by virtue
|
Qubes, and every Qubes user implicitly trusts the members of the QST by virtue
|
||||||
of the actions listed above. The Qubes Security Team can be contacted via email
|
of the actions listed above.
|
||||||
at the following address:
|
|
||||||
|
|
||||||
```
|
|
||||||
security at qubes-os dot org
|
|
||||||
```
|
|
||||||
|
|
||||||
### Security Team PGP Key
|
|
||||||
|
|
||||||
Please use the [Security Team PGP
|
|
||||||
Key](https://keys.qubes-os.org/keys/qubes-os-security-team-key.asc) to encrypt
|
|
||||||
all emails sent to this address. This key is signed by the [Qubes Master
|
|
||||||
Signing Key](https://keys.qubes-os.org/keys/qubes-master-signing-key.asc).
|
|
||||||
Please see [Verify Signatures](/security/verifying-signatures/) for information
|
|
||||||
about how to authenticate these keys.
|
|
||||||
|
|
||||||
### Members of the Security Team
|
### Members of the Security Team
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user