-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Build a secure channel for security reports #457
Comments
Key created for the recipient jaeger-tracing@googlegroups.com . For the website, here are the instructions to be placed on the page: To receive the key:
To encrypt a
Link to the key on a public server: https://sks-keyservers.net/pks/lookup?op=get&search=0xC043A4D2B3F2AC31 Public key to be placed "as is" on the web page:
To those who need access to this key: please send me an email with your key and I'll send you the private key and passphrase encrypted using your public key. Both @pavolloffay and me already have access to this. I think the key should be also known to other people, including @caniszczyk , @yurishkuro and @objectiser . |
For the new website, we need to add instructions on how to send security reports in an encrypted way. It's also good practice to link this page from all other pages, so that it can be easily found. Example: https://qaclana.io/security/
The usual way to achieve this is to create a PGP key, publish it to a key server and distribute the key to the members of a "security response team".
This is part of #404 .
The text was updated successfully, but these errors were encountered: