Git-Mirrors
/
qubes-doc
mirror of https://github.com/QubesOS/qubes-doc.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Improve wording

This commit is contained in:
Andrew David Wong 2021-06-24 05:35:40 -07:00
parent 06351f0ae0
commit 4851518719
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17
1 changed files with 18 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
project-security/security.md
View File

@ -32,13 +32,15 @@ important project security pages:
## Reporting Security Issues in Qubes OS
If you believe you have found a security issue affecting Qubes OS, either
directly or indirectly (e.g. the issue affects Xen in a configuration that is
used in Qubes OS), then we would be more than happy to hear from you! We
promise to treat any reported issue seriously and, if the investigation
confirms that it affects Qubes, to patch it within a reasonable time and
release a public [Qubes Security Bulletin](/security/qsb/) that describes
the issue, discusses the potential impact of the vulnerability, references
applicable patches or workarounds, and credits the discoverer.
directly or indirectly (e.g., the issue affects Xen in a configuration that is
used in Qubes OS), then we would be more than happy to hear from you! Please
send a [PGP-encrypted](#security-team-pgp-key) email to the [Qubes Security
Team](#qubes-security-team). We promise to take all reported issues seriously.
If our investigation confirms that an issue affects Qubes, we will patch it
within a reasonable time and release a public [Qubes Security Bulletin
(QSB)](/security/qsb/) that describes the issue, discusses the potential impact
of the vulnerability, references applicable patches or workarounds, and credits
the discoverer.
## Security Updates
@ -47,19 +49,20 @@ OS](/doc/how-to-update/).
## Qubes Security Team
The Qubes Security Team (QST) is the subset of the [Qubes Team](/team/) that is
responsible for ensuring the security of Qubes OS and the Qubes OS Project. In
particular, the QST is responsible for:
The **Qubes Security Team (QST)** is the subset of the [Core Qubes
Team](/team/#core) that is responsible for ensuring the security of Qubes OS
and the Qubes OS Project. In particular, the QST is responsible for:
- Responding to [reported security
issues](#reporting-security-issues-in-qubes-os)
- Evaluating whether [XSAs](/security/xsa/) affect the security of Qubes OS
- Writing, applying, and/or distributing security patches to fix
vulnerabilities in Qubes OS
- Writing, signing, and publishing [Security Bulletins](/security/qsb/)
- Writing, signing, and publishing [Canaries](/security/canary/)
- Writing, signing, and publishing [Qubes Security Bulletins
(QSBs)](/security/qsb/)
- Writing, signing, and publishing [Qubes Canaries](/security/canary/)
- Generating, safeguarding, and using the project's [PGP
Keys](https://keys.qubes-os.org/keys/)
keys](https://keys.qubes-os.org/keys/)
As a security-oriented operating system, the QST is fundamentally important to
Qubes, and every Qubes user implicitly trusts the members of the QST by virtue
@ -76,8 +79,8 @@ Please use the [Security Team PGP
Key](https://keys.qubes-os.org/keys/qubes-os-security-team-key.asc) to encrypt
all emails sent to this address. This key is signed by the [Qubes Master
Signing Key](https://keys.qubes-os.org/keys/qubes-master-signing-key.asc).
Please see [Why and How to Verify Signatures](/security/verifying-signatures/)
for information about how to verify these keys.
Please see [Verify Signatures](/security/verifying-signatures/) for information
about how to authenticate these keys.
### Members of the Security Team