author | Alex Gaynor <alex.gaynor@gmail.com> | 2013-10-19 17:52:58 -0700 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2013-10-19 17:52:58 -0700 |
commit | 99b69d94cf95b39164dd9d35ff7a463b7a1b7f20 (patch) | |
tree | 0715aa4253debaccd2217fcfa1ab4e030cd8f9dd | |
parent | a4444554aca86bb27ecfbedff81759b904bcd7b9 (diff) | |
Start better documenting our security procedure
-rw-r--r-- | docs/contributing.rst | 7 |
-rw-r--r-- | docs/index.rst | 1 |
-rw-r--r-- | docs/security.rst | 12 |
3 files changed, 15 insertions, 5 deletions
diff --git a/docs/contributing.rst b/docs/contributing.rst index b125d1af..dc8ce453 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -32,11 +32,8 @@ devastating, ``cryptography`` has a strict code review policy: The purpose of these policies is to minimize the chances we merge a change which jeopardizes our users' security. -We do not yet have a formal security contact. To report security issues in -``cryptography`` you should email ``alex.gaynor@gmail.com``, messages may be -encrypted with PGP to key fingerprint -``E27D 4AA0 1651 72CB C5D2 AF2B 125F 5C67 DFE9 4084`` (this public key is -available from most commonly-used keyservers). +If you believe you've identified a security issue in ``cryptography``, please +follow the directions on the :doc:`security page </security>`. Code ---- diff --git a/docs/index.rst b/docs/index.rst index 5cc455f6..a868a5d6 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -34,4 +34,5 @@ Contents primitives/index bindings/index contributing + security community diff --git a/docs/security.rst b/docs/security.rst new file mode 100644 index 00000000..36c8e0f7 --- /dev/null +++ b/docs/security.rst @@ -0,0 +1,12 @@ +Security +======== + +We take the security of ``cryptography`` seriously. If you believe you've +identified a security issue in it, please report it to +``alex.gaynor@gmail.com``. Message may be encrypted with PGP using key +fingerprint ``E27D 4AA0 1651 72CB C5D2 AF2B 125F 5C67 DFE9 4084`` (this public +key is available from most commonly-used keyservers). + +Once you’ve submitted an issue via email, you should receive an acknowledgment +within 48 hours, and depending on the action to be taken, you may receive +further followup emails. |
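Review bot: The new docs/security.rst tells reporters where to send mail but, in its first paragraph, never asks them to keep the issue out of public channels until it has been acknowledged; a sentence saying so belongs right after the address. The second paragraph promises an acknowledgment "within 48 hours" while the page lists a single personal address, ``alex.gaynor@gmail.com``, so that commitment depends on one person being reachable; consider adding a second contact or a shared alias, or softening the wording until one exists. The key is identified only by fingerprint and "most commonly-used keyservers"; a direct link to the public key would save reporters a lookup. Minor: "Message may be encrypted" should read "Messages may be encrypted" (the text removed from docs/contributing.rst had the plural), and "you’ve" in the last paragraph uses a typographic apostrophe where the first paragraph uses "you've".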