Add instructions for reporting vulnerabilities
Prominently in the Zuul User Guide, include a brief overview of preferred methods for reporting suspected security vulnerabilities. Also link to it from the README in such a way that the same reference can be reused in other related Zuul repositories following the same policy.

Change-Id: I2bd13bd13372f26c328cd7d6b5618ee8edffe490
Parent: 65a89f441b
Commit: ddd8594a3c
@ -38,6 +38,10 @@ To clone the latest code, use `git clone https://git.zuul-ci.org/zuul`
|
||||
|
||||
Bugs are handled at: https://storyboard.openstack.org/#!/project/openstack-infra/zuul
|
||||
|
||||
Suspected security vulnerabilities are most appreciated if first
|
||||
reported privately following any of the supported mechanisms
|
||||
described at https://zuul-ci.org/docs/zuul/user/vulnerabilities.html
|
||||
|
||||
Code reviews are handled by gerrit at https://review.openstack.org
|
||||
|
||||
After creating a Gerrit account, use `git review` to submit patches.
|
||||
|
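Review bot: In the README hunk the new paragraph sits directly under the unchanged "Bugs are handled at:" line that points to the public StoryBoard project, and "most appreciated if first reported privately" reads as optional, so a reporter skimming the file may still open a public story for a suspected vulnerability. Consider phrasing it as an instruction, for example "Please report suspected security vulnerabilities privately, using one of the mechanisms described at ...". Keeping the absolute URL makes sense, since the commit message says other Zuul repositories will reuse the same reference.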
@ -0,0 +1,162 @@
|
||||
pub rsa4096/0x48F9961143495829 2010-06-12 [SC] [expires: 2019-03-23]
|
||||
Key fingerprint = 97AE 496F C02D EC9F C353 B2E7 48F9 9611 4349 5829
|
||||
uid [ultimate] Jeremy Stanley <fungi@yuggoth.org>
|
||||
uid [ultimate] [jpeg image of size 2509]
|
||||
uid [ultimate] Jeremy Stanley <jeremy@openstack.org>
|
||||
sub rsa4096/0x17FC38FB4C6A6B3D 2010-06-12 [E] [expires: 2019-03-23]
|
||||
|
||||
|
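Review bot: The listing at the top of this key file shows "[expires: 2019-03-23]" on both the primary key and the encryption subkey, so this static copy stops being usable for encryption after that date unless someone re-exports it. Worth recording in the docs who refreshes the file, or stating that the keyserver copy is the current one. The export also carries the "[jpeg image of size 2509]" photo uid, which accounts for a good share of the 162 added lines; a copy exported without the photo uid would be smaller and easier to review.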
@ -0,0 +1,71 @@
|
||||
pub rsa4096 2018-01-11 [SC] [expires: 2019-03-23]
|
||||
FB2EE15B2F0F12662B68ED9603750DEC158E5FA2
|
||||
uid [ultimate] Tobias Henkel <tobias.henkel@bmw-carit.de>
|
||||
uid [ultimate] Tobias Henkel <tobias.henkel@bmw.de>
|
||||
sub rsa4096 2018-01-11 [E] [expires: 2019-03-23]
|
||||
|
||||
|
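Review bot: The header of this key file uses a different listing format from the other key file: there is no long key ID after "rsa4096", and the fingerprint is one unspaced string on its own line rather than "Key fingerprint = ..." in groups of four. Generating both listings with the same gpg options would make them easier to compare against the fingerprints given in vulnerabilities.rst. Also, the first uid here is tobias.henkel@bmw-carit.de while the documentation lists only tobias.henkel@bmw.de; please confirm the listed address is the one reports should go to.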
@ -18,3 +18,4 @@ configure it to meet your needs.
|
||||
encryption
|
||||
badges
|
||||
howtos
|
||||
vulnerabilities
|
||||
|
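Review bot: The new "vulnerabilities" entry is appended as the last item of the toctree, after "howtos", while the commit message asks for the instructions to appear prominently in the User Guide. Consider moving it higher in the list, or confirm that the end of the list is the intended position.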
68
doc/source/user/vulnerabilities.rst
Normal file
@ -0,0 +1,68 @@
|
||||
:title: Vulnerability Reporting
|
||||
|
||||
.. _vulnerability-reporting:
|
||||
|
||||
Vulnerability Reporting
|
||||
=======================
|
||||
|
||||
Zuul strives to be as secure as possible, implementing a layered
|
||||
defense-in-depth approach where any untrusted code is executed and
|
||||
leveraging well-reviewed popular libraries for its cryptographic
|
||||
needs. Still, bugs are inevitable and security bugs are no exception
|
||||
to that rule.
|
||||
|
||||
If you've found a bug in Zuul and you suspect it may compromise the
|
||||
security of some part of the system, we'd appreciate the opportunity
|
||||
to privately discuss the details before any suspected vulnerability
|
||||
is made public. There are a couple possible ways you can bring
|
||||
security bugs to our attention:
|
||||
|
||||
Create a Private Story in StoryBoard
|
||||
------------------------------------
|
||||
|
||||
You can create a private story at the following URL:
|
||||
|
||||
`<https://storyboard.openstack.org/#!/story/new?force_private=true>`_
|
||||
|
||||
Using this particular reporting URL helps prevent you from
|
||||
forgetting to set the ``Private`` checkbox in the new story UI
|
||||
before saving. If you're doing this from a normal story creation
|
||||
workflow instead, please make sure to set this checkbox first.
|
||||
|
||||
Enter a short but memorable title for your vulnerability report and
|
||||
provide risks, concerns or other relevant details in the description
|
||||
field. Where it lists teams and users that can see this story, add
|
||||
the ``zuul-security`` team so they'll be able to work on triaging
|
||||
it. For the initial task, select the project to which this is
|
||||
specific (e.g., ``openstack-infra/zuul`` or
|
||||
``openstack-infra/nodepool``) and if it relates to additional
|
||||
projects you can add another task for each of them making sure to
|
||||
include a relevant title for each task. When you've included all the
|
||||
detail and tasks you want, save the new story and then you can
|
||||
continue commenting on it normally. Please don't remove the
|
||||
``Private`` setting, and instead wait for one of the zuul-security
|
||||
reviewers to do this once it's deemed safe.
|
||||
|
||||
Report via Encrypted E-mail
|
||||
---------------------------
|
||||
|
||||
If the issue is extremely sensitive or you’re otherwise unable to
|
||||
use the task tracker directly, please send an E-mail message to one
|
||||
or more members of the Zuul security team. You’re encouraged to
|
||||
encrypt messages to their OpenPGP keys, which can be found linked
|
||||
below and also on the keyserver network with the following
|
||||
fingerprints:
|
||||
|
||||
.. TODO: add some more contacts/keys here
|
||||
|
||||
* Jeremy Stanley <fungi@yuggoth.org>:
|
||||
`key 0x97ae496fc02dec9fc353b2e748f9961143495829`_ (details__)
|
||||
|
||||
* Tobias Henkel <tobias.henkel@bmw.de>:
|
||||
`key 0xfb2ee15b2f0f12662b68ed9603750dec158e5fa2`_ (details__)
|
||||
|
||||
.. _`key 0x97ae496fc02dec9fc353b2e748f9961143495829`: ../_static/0x97ae496fc02dec9fc353b2e748f9961143495829.txt
|
||||
.. __: https://sks-keyservers.net/pks/lookup?op=vindex&search=0x97ae496fc02dec9fc353b2e748f9961143495829&fingerprint=on
|
||||
|
||||
.. _`key 0xfb2ee15b2f0f12662b68ed9603750dec158e5fa2`: ../_static/0xfb2ee15b2f0f12662b68ed9603750dec158e5fa2.txt
|
||||
.. __: https://sks-keyservers.net/pks/lookup?op=vindex&search=0xfb2ee15b2f0f12662b68ed9603750dec158e5fa2&fingerprint=on
|
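Review bot: In "Report via Encrypted E-mail" the text routes "extremely sensitive" issues to e-mail but only says reporters are "encouraged to encrypt", and both the key files (../_static/...) and the fingerprints used to check them are served from this same documentation site. Suggest saying that sensitive details should be sent only in encrypted form, and that the fingerprint should be compared against the keyserver copy linked under "details" before use. Smaller points: this section uses typographic apostrophes ("you’re", "You’re") where the rest of the file uses straight ones, "a couple possible ways" is missing an "of", and the "TODO: add some more contacts/keys here" comment should be tracked somewhere if it ships as is.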