From c1e404457ccf900bab0b053668bc18839285e357 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 5 Nov 2018 20:21:43 -0600 Subject: [PATCH] Update Security page - Add Qubes Security Team (QST) description - Add Simon as QST member - Add "(emeritus, canaries only)" with link next to Joanna's name; move to bottom --- security-info/security.md | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/security-info/security.md b/security-info/security.md index 323774c0..6cf39b9b 100644 --- a/security-info/security.md +++ b/security-info/security.md @@ -37,6 +37,17 @@ We promise to treat any reported issue seriously and, if the investigation confi The Qubes Security Team ----------------------- +The Qubes Security Team (QST) is the subset of the [Qubes Team] that is responsible for ensuring the security of Qubes OS and the Qubes OS Project. +In particular, the QST is responsible for: + + - Responding to [reported security issues] + - Evaluating whether [XSAs][Xen Security Advisory (XSA) Tracker] affect the security of Qubes OS + - Writing, applying, and/or distributing security patches to fix vulnerabilities in Qubes OS + - Writing, signing, and publishing [Security Bulletins] + - Writing, signing, and publishing [Canaries] + - Generating, safeguarding, and using the project's [PGP Keys] + +As a security-oriented operating system, the QST is fundamentally important to Qubes, and every Qubes user implicitly trusts the members of the QST by virtue of the actions listed above. The Qubes Security Team can be contacted via email at the following address: security at qubes-os dot org @@ -50,8 +61,9 @@ Please see [Why and How to Verify Signatures] for information about how to verif ### Members of the Security Team ### -- [Joanna Rutkowska] - [Marek Marczykowski-Górecki] +- [Simon Gaiser (aka HW42)] +- [Joanna Rutkowska] ([emeritus, canaries only]) [Security FAQ]: /faq/#general--security @@ -62,8 +74,12 @@ Please see [Why and How to Verify Signatures] for information about how to verif [Xen Security Advisory (XSA) Tracker]: /security/xsa/ [Why and How to Verify Signatures]: /security/verifying-signatures/ [PGP Keys]: https://keys.qubes-os.org/keys/ +[Qubes Team]: /team/ +[reported security issues]: #reporting-security-issues-in-qubes-os [Security Team PGP Key]: https://keys.qubes-os.org/keys/qubes-os-security-team-key.asc [Qubes Master Signing Key]: https://keys.qubes-os.org/keys/qubes-master-signing-key.asc -[Joanna Rutkowska]: /team/#joanna-rutkowska [Marek Marczykowski-Górecki]: /team/#marek-marczykowski-górecki +[Simon Gaiser (aka HW42)]: /team/#simon-gaiser-aka-hw42 +[Joanna Rutkowska]: /team/#joanna-rutkowska +[emeritus, canaries only]: /news/2018/11/02/qubes-security-team-update/