diff --git a/security-info/security.md b/security-info/security.md index b44c2136..323774c0 100644 --- a/security-info/security.md +++ b/security-info/security.md @@ -17,38 +17,53 @@ redirect_from: Qubes OS Project Security Center ================================ -- [Security FAQ](/faq/#general--security) -- [Security Goals](/security/goals/) -- [Security Pack](/security/pack/) -- [Security Bulletins](/security/bulletins/) -- [Canaries](/security/canaries/) -- [Xen Security Advisory (XSA) Tracker](/security/xsa/) -- [Why and How to Verify Signatures](/security/verifying-signatures/) -- [PGP Keys](https://keys.qubes-os.org/keys/) +- [Security FAQ] +- [Security Goals] +- [Security Pack] +- [Security Bulletins] +- [Canaries] +- [Xen Security Advisory (XSA) Tracker] +- [Why and How to Verify Signatures] +- [PGP Keys] + Reporting Security Issues in Qubes OS ------------------------------------- If you believe you have found a security issue affecting Qubes OS, either directly or indirectly (e.g. the issue affects Xen in a configuration that is used in Qubes OS), then we would be more than happy to hear from you! +We promise to treat any reported issue seriously and, if the investigation confirms that it affects Qubes, to patch it within a reasonable time and release a public [Qubes Security Bulletin][Security Bulletins] that describes the issue, discusses the potential impact of the vulnerability, references applicable patches or workarounds, and credits the discoverer. -We promise to treat any reported issue seriously and, if the investigation confirms it affects Qubes, to patch it within a reasonable time, release a public Security Bulletin that describes the issue, discuss potential impact of the vulnerability, reference applicable patches or workarounds, and credit the discoverer. - -The list of all Qubes Security Advisories published so far can be found [here](/security/bulletins/). The Qubes Security Team ----------------------- -The Qubes Security Team can be contacted via email using the following address: +The Qubes Security Team can be contacted via email at the following address: -~~~ -security at qubes-os dot org -~~~ + security at qubes-os dot org -### Qubes Security Team GPG Key ### -Please use [this GPG key](https://keys.qubes-os.org/keys/qubes-os-security-team-key.asc) to encrypt any emails sent to this address. Like all GPG keys used by the Qubes project, this key is signed by the Qubes Master key. Please see [this page](/security/verifying-signatures/) for more information on how to verify the keys. +### Security Team PGP Key ### + +Please use the [Security Team PGP Key] to encrypt all emails sent to this address. +This key is signed by the [Qubes Master Signing Key]. +Please see [Why and How to Verify Signatures] for information about how to verify these keys. ### Members of the Security Team ### -- Joanna Rutkowska \ -- Marek Marczykowski \ +- [Joanna Rutkowska] +- [Marek Marczykowski-Górecki] + + +[Security FAQ]: /faq/#general--security +[Security Goals]: /security/goals/ +[Security Pack]: /security/pack/ +[Security Bulletins]: /security/bulletins/ +[Canaries]: /security/canaries/ +[Xen Security Advisory (XSA) Tracker]: /security/xsa/ +[Why and How to Verify Signatures]: /security/verifying-signatures/ +[PGP Keys]: https://keys.qubes-os.org/keys/ +[Security Team PGP Key]: https://keys.qubes-os.org/keys/qubes-os-security-team-key.asc +[Qubes Master Signing Key]: https://keys.qubes-os.org/keys/qubes-master-signing-key.asc +[Joanna Rutkowska]: /team/#joanna-rutkowska +[Marek Marczykowski-Górecki]: /team/#marek-marczykowski-górecki +