On Fri, Sep 16, 2016 at 12:14:58PM -0400, Leo Famulari wrote:
> Hello!
> 
> GNU Guix should make it easier for bug reporters to contact us to report
> issues in Guix and Guix packages.
> 
> So, we'd like to add a short "Security" page to our web site [0]. This
> page should:
> 
> 1) Explain how to contact us privately about security issues [1],
> 
> 2) Describe the Guix release signing key [2],
> 
> 3) And include a link to the security updates section of the manual [3].

I've attached my first draft of this page. This patch is for
guix-artwork.git.

Please give me your feedback.

I'm specifically unsure of what to say about the signing key. Should we
recommend that users get it from a certain place? Should we provide the
public key itself on this page?