Reorganize security info pages

basics_user/user-faq.md

@@ -189,7 +189,7 @@ This website is hosted via GitHub Pages behind Cloudflare ([why?](#why-does-this
 Therefore, it is largely outside of our control.
 We don't consider this a problem, however, since we explicitly [distrust the infrastructure](#what-does-it-mean-to-distrust-the-infrastructure).
 For this reason, we don't think that anyone should place undue trust in the live version of this site on the Web.
-Instead, if you want to obtain your own, trustworthy copy of this website in a secure way, you should clone our [website repo](https://github.com/QubesOS/qubesos.github.io), [verify the PGP signatures on the commits and/or tags](/doc/verifying-signatures/#verifying-qubes-code) (signed by the [doc-signing keys](https://github.com/QubesOS/qubes-secpack/tree/master/keys/doc-signing)), then either [render the site on your local machine](https://github.com/QubesOS/qubesos.github.io/blob/master/README.md#instructions) or simply read the source, the vast majority of which was [intentionally written in Markdown so as to be readable as plain text for this very reason](/doc/doc-guidelines/#markdown-conventions).
+Instead, if you want to obtain your own, trustworthy copy of this website in a secure way, you should clone our [website repo](https://github.com/QubesOS/qubesos.github.io), [verify the PGP signatures on the commits and/or tags](/security/verifying-signatures/#verifying-qubes-code) (signed by the [doc-signing keys](https://github.com/QubesOS/qubes-secpack/tree/master/keys/doc-signing)), then either [render the site on your local machine](https://github.com/QubesOS/qubesos.github.io/blob/master/README.md#instructions) or simply read the source, the vast majority of which was [intentionally written in Markdown so as to be readable as plain text for this very reason](/doc/doc-guidelines/#markdown-conventions).
 We've gone to special effort to set all of this up so that no one has to trust the infrastructure and so that the contents of this website are maximally available and accessible.
 
 ### What does it mean to "distrust the infrastructure"?

common-tasks/tips-and-tricks.md

@@ -10,7 +10,7 @@ This section provides user suggested tips that aim to increase Qubes OS usabilit
 
 Opening links in your preferred AppVM
 -------------------------------------
-To increase both security and usability you can set an AppVM so that it automatically opens any link in an different AppVM of your choice. You can do this for example in the email AppVM, in this way you avoid to make mistakes like opening links in it. to learn more you can check [security guidelines](/doc/security-guidelines/) and [security goals](/doc/security-goals/).
+To increase both security and usability you can set an AppVM so that it automatically opens any link in an different AppVM of your choice. You can do this for example in the email AppVM, in this way you avoid to make mistakes like opening links in it. to learn more you can check [security guidelines](/doc/security-guidelines/) and [security goals](/security/goals/).
 
 The command `qvm-open-in-vm` lets you open a document or a URL in another VM, it takes two parameters: vmname and filename.
 

doc.md

@@ -29,11 +29,12 @@ The Basics
 
 Security Information
 --------------------
- * [Security Main Page](/security/)
+ * [Security Center](/security/)
- * [Security Pack](/doc/security-pack/)
+ * [Security Pack](/security/pack/)
- * [Security Bulletins](/doc/security-bulletins/)
+ * [Security Bulletins](/security/bulletins/)
- * [Canaries](/doc/canaries/)
+ * [Canaries](/security/canaries/)
- * [Why and How to Verify Signatures](/doc/verifying-signatures/)
+ * [Xen Security Advisory (XSA) Tracker](/security/xsa/)
+ * [Why and How to Verify Signatures](/security/verifying-signatures/)
  * [Qubes PGP Keys](http://keys.qubes-os.org/keys/)
 
 Choosing Your Hardware
@@ -49,7 +50,7 @@ Installing & Upgrading Qubes
  * [Qubes Downloads](/downloads/)
  * [Installation Guide](/doc/installation-guide/)
  * [Upgrade Guides](/doc/upgrade/)
- * [Why and How to Verify Signatures](/doc/verifying-signatures/)
+ * [Why and How to Verify Signatures](/security/verifying-signatures/)
  * [Security Considerations when Installing](/doc/install-security/)
  * [Try Qubes without installing: Qubes Live USB (alpha)](/doc/live-usb/)
  * [Supported Versions](/doc/supported-versions/)
@@ -214,15 +215,15 @@ The Basics
 
 Security Information
 --------------------
- * [Security Main Page](/security/)
+ * [Security Center](/security/)
- * [Security Goals](/doc/security-goals/)
+ * [Security Pack](/security/pack/)
- * [Security Pack](/doc/security-pack/)
+ * [Security Bulletins](/security/bulletins/)
- * [Security Bulletins](/doc/security-bulletins/)
+ * [Security Bulletin Checklist](/security/bulletins/checklist/)
- * [Security Bulletin Checklist](/doc/security-bulletins/checklist/)
+ * [Security Bulletin Template](/security/bulletins/template/)
- * [Security Bulletin Template](/doc/security-bulletins/template/)
+ * [Canaries](/security/canaries/)
- * [Canaries](/doc/canaries/)
+ * [Canary Template](/security/canaries/template/)
- * [Canary Template](/doc/canaries/template/)
+ * [Xen Security Advisory (XSA) Tracker](/security/xsa/)
- * [Why and How to Verify Signatures](/doc/verifying-signatures/)
+ * [Why and How to Verify Signatures](/security/verifying-signatures/)
  * [Qubes PGP Keys](http://keys.qubes-os.org/keys/)
 
 System

installing/install-security.md

@@ -76,7 +76,7 @@ Cons:
    other two options.)
 
 
-[verify]: /doc/verifying-signatures/
+[verify]: /security/verifying-signatures/
 [classic problem]: http://www.acm.org/classics/sep95/
 [solutions]: http://www.dwheeler.com/trusting-trust/
 [USB qube]: /doc/usb/#creating-and-using-a-usb-qube

installing/installation-guide.md

@@ -121,7 +121,7 @@ Getting Help
 [Hardware Compatibility List]: /hcl/
 [live USB]: /doc/live-usb/
 [downloads]: /downloads/
-[verifying signatures]: /doc/verifying-signatures/
+[verifying signatures]: /security/verifying-signatures/
 [security considerations]: /doc/install-security/
 [Rufus]: http://rufus.akeo.ie/
 [documentation]: /doc/

security-info/canaries.md

@@ -1,13 +1,14 @@
 ---
-layout: doc
+layout: security
 title: Canaries
-permalink: /doc/canaries/
+permalink: /security/canaries/
+redirect_from: /doc/canaries/
 ---
 
 Qubes Canaries
 ==============
 
-Qubes Canaries are published through the [Qubes Security Pack](/doc/security-pack/).
+Qubes Canaries are published through the [Qubes Security Pack](/security/pack/).
 
 2015
 ----

security-info/canary-template.md

@@ -1,7 +1,8 @@
 ---
-layout: doc
+layout: security
 title: Canary Template
-permalink: /doc/canaries/template/
+permalink: /security/canaries/template/
+redirect_from: /doc/canaries/template/
 ---
 
 Canary Template
@@ -20,11 +21,11 @@ View Canary #<number> in the qubes-secpack:
 
 Learn about the qubes-secpack, including how to obtain, verify, and read it:
 
-<https://www.qubes-os.org/doc/security-pack/>
+<https://www.qubes-os.org/security/pack/>
 
 View all past canaries:
 
-<https://www.qubes-os.org/doc/canaries/>
+<https://www.qubes-os.org/security/canaries/>
 
 ```
                     ---===[ Qubes Canary #<number> ]===---

security-info/security-bulletins-checklist.md

@@ -1,7 +1,8 @@
 ---
-layout: doc
+layout: security
 title: Security Bulletin Checklist
-permalink: /doc/security-bulletins/checklist/
+permalink: /security/bulletins/checklist/
+redirect_from: /doc/security-bulletins/checklist/
 ---
 
 Security Bulletin Checklist
@@ -19,5 +20,5 @@ Announcement
 
  * Upload packages to `security-testing` and `current-testing` repositories
  * Push QSB to public repository
- * Announce on the [mailing lists](/mailing-lists) using the [QSB Template](/doc/security-bulletins/template/)
+ * Announce on the [mailing lists](/mailing-lists/) using the [QSB Template](/security/bulletins/template/)
  * Announce on social media

security-info/security-bulletins-template.md

@@ -1,7 +1,8 @@
 ---
-layout: doc
+layout: security
 title: Security Bulletin Template
-permalink: /doc/security-bulletins/template/
+permalink: /security/bulletins/template/
+redirect_from: /doc/security-bulletins/template/
 ---
 
 Security Bulletin Template
@@ -20,11 +21,11 @@ View QSB #<number> in the qubes-secpack:
 
 Learn about the qubes-secpack, including how to obtain, verify, and read it:
 
-<https://www.qubes-os.org/doc/security-pack/>
+<https://www.qubes-os.org/security/pack/>
 
 View all past QSBs:
 
-<https://www.qubes-os.org/doc/security-bulletins/>
+<https://www.qubes-os.org/security/bulletins/>
 
 ```
              ---===[ Qubes Security Bulletin #<number>]===---

security-info/security-bulletins.md

@@ -1,8 +1,9 @@
 ---
-layout: doc
+layout: security
 title: Security Bulletins
-permalink: /doc/security-bulletins/
+permalink: /security/bulletins/
 redirect_from: 
+- /doc/security-bulletins/
 - /en/doc/security-bulletins/
 - /doc/SecurityBulletins/
 - /wiki/SecurityBulletins/
@@ -12,7 +13,7 @@ redirect_from:
 Qubes Security Bulletins
 ========================
 
-Qubes Security Bulletins are published through the [Qubes Security Pack](/doc/security-pack/).
+Qubes Security Bulletins are published through the [Qubes Security Pack](/security/pack/).
 
 2010
 ----

security-info/security-goals.md

@@ -1,8 +1,9 @@
 ---
-layout: doc
+layout: security
 title: Security Goals
-permalink: /doc/security-goals/
+permalink: /security/goals/
 redirect_from:
+- /doc/security-goals/
 - /en/doc/security-goals/
 - /doc/SecurityGoals/
 - /wiki/SecurityGoals/

security-info/security-pack.md

@@ -1,8 +1,9 @@
 ---
-layout: doc
+layout: security
 title: Security Pack
-permalink: /doc/security-pack/
+permalink: /security/pack/
 redirect_from:
+- /doc/security-pack/
 - /en/doc/security-pack/
 - /doc/SecurityPack/
 - /wiki/SecurityPack/
@@ -20,7 +21,7 @@ Qubes Security Pack
 The **Qubes Security Pack** (`qubes-secpack`) is a Git repository that contains:
 
  * [Qubes PGP keys](https://keys.qubes-os.org/keys/)
- * [Qubes Security Bulletins (QSBs)](/doc/security-bulletins/)
+ * [Qubes Security Bulletins (QSBs)](/security/bulletins/)
  * [Qubes warrant canaries](https://github.com/QubesOS/qubes-secpack/tree/master/canaries)
  * [Qubes Bitcoin fund information](https://github.com/QubesOS/qubes-secpack/tree/master/fund)
  * Security-related information and announcements (e.g., key revocations)
@@ -221,7 +222,7 @@ verifying its contents, and reading them.
     a trustworthy source (ideally, multiple sources) *other than* this website
     and visually compare it (them) to the fingerprint displayed in the preceding
     step, ensuring they match. You can read more about digital signatures and
-    key verification [here](/doc/verifying-signatures/).
+    key verification [here](/security/verifying-signatures/).
 
  4. Verify signed Git tags.
 

security-info/security.md

@@ -0,0 +1,54 @@
+---
+layout: default
+title: Security
+permalink: /security/
+redirect_from: 
+- /en/security/
+- /en/doc/security/
+- /en/doc/qubes-security/
+- /doc/QubesSecurity/
+- /wiki/QubesSecurity/
+- /en/doc/security-page/
+- /doc/SecurityPage/
+- /wiki/SecurityPage/
+- /trac/wiki/SecurityPage/
+---
+
+Qubes OS Project Security Center
+================================
+
+-   [Security Goals](/security/goals/)
+-   [Security Pack](/security/pack/)
+-   [Security Bulletins](/security/bulletins/)
+-   [Canaries](/security/canaries/)
+-   [Xen Security Advisory (XSA) Tracker](/security/xsa/)
+-   [Why and How to Verify Signatures](/security/verifying-signatures/)
+-   [PGP Keys](http://keys.qubes-os.org/keys/)
+
+Reporting Security Issues in Qubes OS
+-------------------------------------
+
+If you believe you have found a security issue affecting Qubes OS, either directly or indirectly (e.g. the issue affects Xen in a configuration that is used in Qubes OS), then we would be more than happy to hear from you!
+
+We promise to treat any reported issue seriously and, if the investigation confirms it affects Qubes, to patch it within a reasonable time, and also to release a public Security Bulletin that describes the issue, discusses potential impact of the vulnerability, references applicable patches or workarounds, and also credits the discoverer.
+
+The list of all Qubes Security Advisories published so far can be found [here](/security/bulletins/).
+
+The Qubes Security Team
+-----------------------
+
+The Qubes Security Team can be contacted via email using the following address:
+
+~~~
+security at qubes-os dot org
+~~~
+
+### Qubes Security Team GPG Key ###
+
+Please use the [this GPG key](http://keys.qubes-os.org/keys/qubes-os-security-team-key.asc) for encrypting any emails sent to this address. Like all the GPG keys used by the Qubes project, this key is signed with the Qubes Master key. Please see [this page](/security/verifying-signatures/) for more information on how to verify the keys.
+
+### Members of the Security Team ###
+
+-   Joanna Rutkowska \<joanna at invisiblethingslab dot com\>
+-   Marek Marczykowski \<marmarek at invisiblethingslab dot com\>
+

security-info/verifying-signatures.md

@@ -1,8 +1,9 @@
 ---
-layout: doc
+layout: security
 title: Verifying Signatures
-permalink: /doc/verifying-signatures/
+permalink: /security/verifying-signatures/
 redirect_from:
+- /doc/verifying-signatures/
 - /en/doc/verifying-signatures/
 - /doc/VerifyingSignatures/
 - /wiki/VerifyingSignatures/
@@ -307,7 +308,7 @@ or
 
 [Qubes Master Signing Key]: https://keys.qubes-os.org/keys/qubes-master-signing-key.asc
 [keyserver]: https://en.wikipedia.org/wiki/Key_server_%28cryptographic%29#Keyserver_examples
-[Qubes Security Pack]: /doc/security-pack/
+[Qubes Security Pack]: /security/pack/
 [devel-master-key-msg]: https://groups.google.com/d/msg/qubes-devel/RqR9WPxICwg/kaQwknZPDHkJ
 [user-master-key-msg]: https://groups.google.com/d/msg/qubes-users/CLnB5uFu_YQ/ZjObBpz0S9UJ
 [mailing lists]: /mailing-lists/

security/security-guidelines.md

@@ -11,12 +11,12 @@ redirect_from:
 Security Guidelines
 ===================
 
-The [Qubes introduction](http://theinvisiblethings.blogspot.com/2012/09/introducing-qubes-10.html) makes clear that without some active and responsible participation of the user, no real security is possible. So, for example, Qubes does not automagically make your Firefox (or any other app) running in one of the AppVMs suddenly more secure. It is just as [secure (or insecure)](https://en.wikipedia.org/wiki/Computer_insecurity) as on a normal Linux or Windows OS. But what drastically changes is the context in which your applications are used. [This context](/doc/qubes-architecture/) is a [responsibility of the user](/doc/security-goals/). But participation requires knowledge. So it is worth stressing some basic items:
+The [Qubes introduction](http://theinvisiblethings.blogspot.com/2012/09/introducing-qubes-10.html) makes clear that without some active and responsible participation of the user, no real security is possible. So, for example, Qubes does not automagically make your Firefox (or any other app) running in one of the AppVMs suddenly more secure. It is just as [secure (or insecure)](https://en.wikipedia.org/wiki/Computer_insecurity) as on a normal Linux or Windows OS. But what drastically changes is the context in which your applications are used. [This context](/doc/qubes-architecture/) is a [responsibility of the user](/security/goals/). But participation requires knowledge. So it is worth stressing some basic items:
 
 Download Verification
 ---------------------
 
-**Verify the authenticity and integrity of your downloads, [particularly Qubes iso](/doc/verifying-signatures/).**
+**Verify the authenticity and integrity of your downloads, [particularly Qubes iso](/security/verifying-signatures/).**
 
 Standard program installation
 

system/security-critical-code.md

@@ -14,7 +14,7 @@ Security-Critical Code in Qubes OS
 
 Below is a list of security-critical (AKA trusted) code in Qubes OS. A successful attack against any of those might allow to compromise the Qubes OS security. This code can be thought of as of a Trusted Computing Base (TCB) of Qubes OS. The goal of the project has been to minimize the amount of this trusted code to an absolute minimum. The size of the current TCB is of an order of hundreds thousands of lines of C code, which is several orders of magnitude less than in other OSes, such as Windows, Linux or Mac, where it is of orders of tens of millions of lines of C code.
 
-For more information about the security goals of Qubes OS, see [this page](/doc/security-goals/).
+For more information about the security goals of Qubes OS, see [this page](/security/goals/).
 
 Security-Critical Qubes-Specific Components
 -------------------------------------------