Changeset View
Changeset View
Standalone View
Standalone View
DISCLOSURE_POLICY.md
Show All 12 Lines | |||||
* A short summary of the potential impact of the issue (if known). | * A short summary of the potential impact of the issue (if known). | ||||
* Details explaining how to reproduce the issue or how an exploit may be formed. | * Details explaining how to reproduce the issue or how an exploit may be formed. | ||||
* Your name (optional). If provided, we will provide credit for disclosure. Otherwise, you will be treated anonymously and your privacy will be respected. | * Your name (optional). If provided, we will provide credit for disclosure. Otherwise, you will be treated anonymously and your privacy will be respected. | ||||
* Your email or other means of contacting you. | * Your email or other means of contacting you. | ||||
* A PGP key/fingerprint for us to provide encrypted responses to your disclosure. If this is not provided, we cannot guarantee that you will receive a response prior to a fix being made and deployed. | * A PGP key/fingerprint for us to provide encrypted responses to your disclosure. If this is not provided, we cannot guarantee that you will receive a response prior to a fix being made and deployed. | ||||
## Encrypting the Disclosure | ## Encrypting the Disclosure | ||||
We highly encourage all disclosures to be encrypted to prevent interception and exploitation by third-parties prior to a fix being developed and deployed. Please encrypt using this PGP public key with id: `3199472CFB54790D90B8ECB4B1606D6B42B7F4C7` | We highly encourage all disclosures to be encrypted to prevent interception and exploitation by third-parties prior to a fix being developed and deployed. Please encrypt using the PGP public key with fingerprint: `5442AB0B9178E0D1567479B471A3ED7ECF82C6A7` | ||||
It may be obtained via: | It may be obtained via: | ||||
``` | ``` | ||||
gpg --recv-keys 3199472CFB54790D90B8ECB4B1606D6B42B7F4C7 | gpg --recv-keys 5442AB0B9178E0D1567479B471A3ED7ECF82C6A7 | ||||
``` | ``` | ||||
Below are some basic instructions for encrypting your disclosure on Linux if you are unfamiliar with GPG: | Below are some basic instructions for encrypting your disclosure on Linux if you are unfamiliar with GPG: | ||||
1. If you don’t already have a PGP key, first download GPG: | 1. If you don’t already have a PGP key, first download GPG: | ||||
For Debian based distributions: | For Debian based distributions: | ||||
``` | ``` | ||||
sudo apt-get install gpg | sudo apt-get install gpg | ||||
Show All 38 Lines |