From: Leo Famulari
Subject: Call for volunteer(s) for Guix "security" web page
Date: Fri, 16 Sep 2016 12:14:58 -0400
Message-ID: <20160916161458.GA17780@jasmine>
To: guix-devel@gnu.org

Hello!

GNU Guix should make it easier for bug reporters to contact us to report issues in Guix and Guix packages.

So, we'd like to add a short "Security" page to our web site [0]. This page should:

1) Explain how to contact us privately about security issues [1],
2) Describe the Guix release signing key [2],
3) And include a link to the security updates section of the manual [3].

The page should be clear and concise. The main objectives are to make it easy for bug reporters to learn how to contact us, and to make it easy for anyone to know which key is used to sign our downloads.

Does anyone volunteer to make this page?

I like this example, although it does some things we don't plan to do at this time, such as provide a key for securely contacting the project, and explain how to use GnuPG:

https://syncthing.net/security.html

[0] Our web site is maintained in guix-artwork.git:
git://git.savannah.gnu.org/guix/guix-artwork.git

[1] Private communication should go to
https://lists.gnu.org/mailman/listinfo/guix-security

[2] The key should be described by the key fingerprint.
https://www.gnu.org/software/guix/manual/html_node/Binary-Installation.html

[3] https://www.gnu.org/software/guix/manual/html_node/Security-Updates.html