Add instructions for reporting vulnerabilities
Prominently in the Zuul User Guide, include a brief overview of preferred methods for reporting suspected security vulnerabilities. Also link to it from the README in such a way that the same reference can be reused in other related Zuul repositories following the same policy.

Change-Id: I2bd13bd13372f26c328cd7d6b5618ee8edffe490
parent 65a89f441b
commit ddd8594a3c
|
@ -38,6 +38,10 @@ To clone the latest code, use `git clone https://git.zuul-ci.org/zuul`
|
||||||
|
|
||||||
Bugs are handled at: https://storyboard.openstack.org/#!/project/openstack-infra/zuul
|
Bugs are handled at: https://storyboard.openstack.org/#!/project/openstack-infra/zuul
|
||||||
|
|
||||||
|
Suspected security vulnerabilities are most appreciated if first
|
||||||
|
reported privately following any of the supported mechanisms
|
||||||
|
described at https://zuul-ci.org/docs/zuul/user/vulnerabilities.html
|
||||||
|
|
||||||
Code reviews are handled by gerrit at https://review.openstack.org
|
Code reviews are handled by gerrit at https://review.openstack.org
|
||||||
|
|
||||||
After creating a Gerrit account, use `git review` to submit patches.
|
After creating a Gerrit account, use `git review` to submit patches.
|
||||||
|
|
|
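Review bot: the added README sentence ("most appreciated if first reported privately") reads as a preference rather than a request, and it sits directly under the public StoryBoard bug link, so it is easy to skim past. Consider a direct instruction such as "Please report suspected security vulnerabilities privately first, following ...", and keep the wording free of repository-specific detail so the same text can be copied into the other Zuul repositories, as the commit message intends.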
@ -0,0 +1,162 @@
|
||||||
|
pub rsa4096/0x48F9961143495829 2010-06-12 [SC] [expires: 2019-03-23]
|
||||||
|
Key fingerprint = 97AE 496F C02D EC9F C353 B2E7 48F9 9611 4349 5829
|
||||||
|
uid [ultimate] Jeremy Stanley <fungi@yuggoth.org>
|
||||||
|
uid [ultimate] [jpeg image of size 2509]
|
||||||
|
uid [ultimate] Jeremy Stanley <jeremy@openstack.org>
|
||||||
|
sub rsa4096/0x17FC38FB4C6A6B3D 2010-06-12 [E] [expires: 2019-03-23]
|
||||||
|
|
||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
|
mQINBEwToAQBEADkKijUR///dymLBuHX/C7VrKzqyR41QLE+yO2XoT6nP075MYuk
|
||||||
|
1850i9mN7D4lGu4fpW7kmXirvowvN9CqMN8/T/yQNJtNcFD4ff9FEdUF7DnDNPYZ
|
||||||
|
pq9iqkq2kMYm3dh2DwG0BdmsI0TAXfi1cFEizS6vxduLhCAMqon7TaNpcYhED/Id
|
||||||
|
nKpS9pLbjfAG22i7worar//RlZE63CfwJti+rG6Zjg6BLflsD35TRc57asO2NDHp
|
||||||
|
gFDUc0i5YjyPQGhYM91hqo/84pUe7A/atyTVSYHhe+SPwIGoHQorbdpaDAPhYv+g
|
||||||
|
IMZ+hOBIATFsdyCUpg+X7HXyv+jxY5Enpxc4BvfyaxIm7iywjRANhlFvdV4+pSvY
|
||||||
|
d0JhwSMxWyG5G/xzruM9B8dJtKdYHYRpn9OmNWTIM+qeZEjlpYWIazw9CPZqo4HS
|
||||||
|
FGgCrALt1RbSAfFJGF1890QArlRgkwDHIS7GPXNdZCPCCGczG72Ivs613wInUAlZ
|
||||||
|
767D4sKtY9L2XjKxndk8Rti6ceq0ENMRPy7SE1T14OkZM/eKQ/QhzjCLd4hpl/74
|
||||||
|
HA0Tp13+LBUN51ttyn/taaFx1dA8AhAln0rx8McROjY82KEC/dA8pn/GlWQs00Se
|
||||||
|
X8OzM8V943CwNEWLeOwUdUZQlmKMvoRJFZ1pmjp3M8LDUSnX+Dv68B/ekwARAQAB
|
||||||
|
tCJKZXJlbXkgU3RhbmxleSA8ZnVuZ2lAeXVnZ290aC5vcmc+iQJXBBMBCgBBAhsD
|
||||||
|
BQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAhkBFiEEl65Jb8At7J/DU7LnSPmWEUNJ
|
||||||
|
WCkFAlq0/AEFCRCCj30ACgkQSPmWEUNJWCmYgBAAwR3YG/zGYvhNUJkvv4FqEP7P
|
||||||
|
b6M8fzx+wFTguLSAYjs31mWO0P6yFt05Wo2MCtDLi4kQzJ2Sim0FfqOTdebpVvjU
|
||||||
|
i80or0TsmrXV47YVfsq1T8BmL+TvcF/vS/MArhnX/4RNnPNyhB56sTsN7tfmBsWn
|
||||||
|
MjkUv/J5pB7Wm398EF0TvOL4DI/RgE7uzz/UB4S/ZwPdDMtZW5aJZaXcCkiHOvMh
|
||||||
|
P1jlILjYJ0iBNayCtmBPXZYEqq/sk3GGxLHvCHTBUJMPsXQjXokWjQu5xUUf5/4b
|
||||||
|
LBVzEvVB4pzg8s6SyGcrRA5sfT5BkxlRrkSl8/yhlgaRq/4FgAZu3HpceAlLSXHX
|
||||||
|
3NNbUGjMieG1FXE+aGz7QWb42oZKK3MZCd7IpNjAI+8AaNTH2q++9gBNUvkCyZNu
|
||||||
|
yuWZXe8s+PbJ9HRBcKRvvZ6A+3gmWjqW0OrEPQ5GnLyDw5Wr+TadLt4WXeg7VxcW
|
||||||
|
HaORUSTzm5aESpUrsPlIf/dUiMtbNunLaW3Na9HLRIYsS7wsHeUXv6kyHJX0nczB
|
||||||
|
B56Hbu/hE65xhM+FxG8UdCNdMZCfWr6AlbhVuNACPAaB9XXs8xQnq8zc+rjnqIE2
|
||||||
|
FBx5SW5CIZlmXdC5SY0jb9KC2eWqgRtKKikK1uab5vSV5HYY57UG1gQt8IlBacMR
|
||||||
|
DFSm9g2cAw/+rFCFg4q0IktpbnJ1aSA8a2lucnVpQGthdGFyc2lzLm11ZHB5Lm9y
|
||||||
|
Zz6JAjUEMAEIAB8FAlGJSR4YHSBVbnVuc2VkIEUtbWFpbCBBZGRyZXNzAAoJEEj5
|
||||||
|
lhFDSVgpcr8P/ilIGDNXXpAiUqbxLEImJRZ/bBrJKkW+OVaDYcyCZkOLnGFcVa++
|
||||||
|
mcHHSMS4EHe7nhRl97yKW1+rQiIrEMnEGtE58OvhDy7ic7SYFrs46k6m1Q/6Trik
|
||||||
|
Zg5+zC9p1o4yedJRP9iGmKdpPe+jWgFFA98nFScq9CdVqqfTvX8jVhr9p5ziSoHZ
|
||||||
|
zBMOuSKgDuOqMnil96SMGNEGBP29OAHCay/0BfroHxFrBlV5She6CETgymZa2die
|
||||||
|
3C4AEz0BdrIsT6pgIE4ZsP15jiPVxm2l52TDADSX0DQ+dSW5Zd8JSzdcjbWv2iTL
|
||||||
|
fKtymO8Moa4aRcGmGuzq+iy5Z7FRwO5XBwarXdDfxBnAkYTiPRvw9QdzTCZespjX
|
||||||
|
mNlLPeqAsTF5Z8k0kVK4iSjQJZNHHDly9/IBuBzMXVqQpzJS0t7B/zz2Z4hnNjL6
|
||||||
|
sLNdFY2LK/zROPcBPLV62PVDcrtn1h8qduiRdospWuDu4nyqjQELREgktu4VktXL
|
||||||
|
7MaHq16dCDuIyYOa6h/mXIOOpx7NLAILGC9zI7D3JXEWajRg6ttIRAjU05UWvl4X
|
||||||
|
28xxKHP8ajP6sWhKzGa7LwQ1qxg6fPbCTZdLZo+WJOEEIJpU+OxaDt0cBhmi0fuS
|
||||||
|
YPa3f4YhU+t5Pnw9KHx5LrrQDqLzX++hf0+7yn9Pa11KYND/S4mcP/GBtB1UaGUg
|
||||||
|
RnVuZ2kgPGZ1bmdpQHl1Z2dvdGgub3JnPokCNwQwAQgAIQUCUYlF2hodIFJlZHVu
|
||||||
|
ZGFudCBFLW1haWwgQWRkcmVzcwAKCRBI+ZYRQ0lYKd0TD/9uBJKPNvtu08FMN2td
|
||||||
|
Z4xrAm657NK/z84Ubgq8B/ouMzqdOtjI+LCnr6Dj2l5Ifh3H7kUwB+RObYwqEuFb
|
||||||
|
E1qpVkHfPIAsRnyW2fFXz8Sf4B/d6vnRGK8beFVKGFAXLKUqKLusKyzvQvGARU9b
|
||||||
|
Nv9t7MSb3JJiPTviPwH+qtUSTYqBc6di5h5aAAZOaPx4uktdfI+v/8jDJGQxPlh+
|
||||||
|
6lZ+6Vvq49SSHb/8R7tgbFfOIV2C6Z1rfR20VM8lpsbmPhbz7YH2cIOq8pQAbVEu
|
||||||
|
Yz13AgNnIR0wj4NaphODfWOms7Y7sJ3BO32Et/dKJ5pzOeSghqH+qUDvzLAxmO/7
|
||||||
|
EHmfdsHQn8iH2Usw3USTMXTM2UxdUclF6rKLiF+e9XBgrDroXKJtd+bjajuiCorw
|
||||||
|
ZWZ6UYpg1iHdDkI2vAQvGZeBuQAGq8+y72dGmsTHlA0sgLg9VEZQvtolao9mCII/
|
||||||
|
ZdxRUCtSDv3cfK3rjH8dZwz6Tw35IZYl6zlO42Z0iv6SCcRB9RwfRGW3+qZwVtzO
|
||||||
|
HjsCZ/teVWn1jVYli6aekGgKYkFpX8J2JobCsLUajat3bUwodOMl1KxunLd14sbm
|
||||||
|
04qMJlqlzxnGQDmbzscbGRowQd0lT6UzNcXuVwXUcpPt6a8MGU4PVVyDropfzWDu
|
||||||
|
YQEKMwtyQ41/NJ3/yvseWTNMKNHJIMkeARAAAQEAAAAAAAAAAAAAAAD/2P/gABBK
|
||||||
|
RklGAAEBAQBIAEgAAP/+ABtodHRwOi8vZnVuZ2kueXVnZ290aC5vcmcv/9sAQwAQ
|
||||||
|
CwwODAoQDg0OEhEQExgoGhgWFhgxIyUdKDozPTw5Mzg3QEhcTkBEV0U3OFBtUVdf
|
||||||
|
YmdoZz5NcXlwZHhcZWdj/9sAQwEREhIYFRgvGhovY0I4QmNjY2NjY2NjY2NjY2Nj
|
||||||
|
Y2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2Nj/8AAEQgAkAB4AwEi
|
||||||
|
AAIRAQMRAf/EABsAAAIDAQEBAAAAAAAAAAAAAAQFAgMGAAEH/8QAMRAAAgICAQMD
|
||||||
|
AgQGAgMAAAAAAQIAAwQRIRIxQQVRYRMiBjJxgRQVI5GhsXLBNGLw/8QAGQEAAwEB
|
||||||
|
AQAAAAAAAAAAAAAAAQIDBAAF/8QAIhEAAgIDAQACAgMAAAAAAAAAAAECEQMhMRIy
|
||||||
|
QQRRIjNh/9oADAMBAAIRAxEAPwAL1O1VpCbHUxB1CqLVurDqf1HtFWbiPSessXUn
|
||||||
|
8x7wnEwCFD2Oyk+FOp5jjHwtlw22xaay7nQH+Zn2PUxPudxrlYBdSyWOzDwx3F9d
|
||||||
|
O0LOdAf5j4vKV2cVT2vINLEoeSNSrIvVONaErqtRjpiw35Eq02hq+hhVk2kg7BBn
|
||||||
|
ttz2ApvQJ5EoRkB0AdjyDJ9LqDxsHzJ0kxvJBmVSBo8yPV93Yj9ZB9g8ElvYSVeR
|
||||||
|
oBbBxHOGnp+WtafSt4HcN4jA5FIXZtTX/KI0euwaVxv+0i6kHtJPGpMVxCc/KGQ4
|
||||||
|
VPyL/mCTp0vFKKpACvTTWM+g2u1aBxtlOiJ0n6SXHqeOalVn6xoMdAzpLJ0IV6hY
|
||||||
|
qY5DdyRofvCK3WxA6nYMU52NdW3W7/UB46pdh4ty1/UNprU86HmTcF4uxQ6+1aqy
|
||||||
|
7HQEUqfqVs/jZleZa1t30+tnAPmX0aWoIfJhUfKKQQufEe+4kj7QdCNsH0BnUMx0
|
||||||
|
IRh1Cy0ccAzQogVABBPLLiNEccVsV0ehU19zsy630iuwaHA+IxBkhxI+mNwzt/4e
|
||||||
|
sYH6TACKMz0HKpUnRYfE3g7TjWHU7AMeOWSJtRfUfLHWyh+d8Rnh3C1NPyPf2jv1
|
||||||
|
/wBGVlNtK6PkCZvHY0Fh5HBHxNSmskb+yTj4f+Bjp0n4kZKtxYuvInhEMWK0EYBr
|
||||||
|
GdQbWZE6xtlOiOe86DidBKNijj1BlXEfq88ASrKyVGKGQ9xxqC59OQjB7X617Ajx
|
||||||
|
+0GIIp0TwZFQXlbClZXV9pZjyfEvQkOF3zxBqNu3xuEY4+pmgD3jyKxNF6bTrR1G
|
||||||
|
mtQfCr6KxvvCWIAmR7ND/R5vmSBEjsGe7gATBlglIPPeWqR7wiMjZWHUgiYn1/BO
|
||||||
|
LlGxR9jczcGKfXcYX4TnXIEeEvMjqtUY7Fs6WA/+MLsA6uO0W1Hpt6T4MaNoop+J
|
||||||
|
repEOornTp0cQc5rKMZ+vsRr94kyG+wAe2p699t7D6jkyDr1NzwJCMPGmNE6gFVG
|
||||||
|
u5jH0epf4h7n/KnA+TAqQXsCqI6wkWnG2e2yYmSWjRjQcfUFqHKyo+rVltdJgNuQ
|
||||||
|
bFJrrBUd2J0ILXkpcu1Xt3ERQ0U9Kx4marEaPeEK7MCQYkoAsYBT3javGtCcb7Sb
|
||||||
|
VFCVmQqclpEeq0p3OzF+WCrEOYA99FR6rF2I0Y2LJo09fqNVg+0iSvK3Y7geREWP
|
||||||
|
fSuiamQE66iNiOMf7gdHjUElQqS6jA3jozXXyDGNZ6qRBPV0+n6rcP8A2l2M+6hN
|
||||||
|
r4mZV1olOnrcmdGEK6hzOc6BJ59pdZUKWIB2INkWfTXZ7+JK/T0OtIJ9OO8op7Ls
|
||||||
|
/rNPXiA46qfbmZb0AdecT3HSP9zaVsNaMhm1KjRj+Ni6/HT6LVMv2n24MFxcOmgO
|
||||||
|
Erclho7j5q63HIkRTWvOt/rEUnwe4vYuxsRaz1AHXjcb0/k18QZjttQiv/qDrBPg
|
||||||
|
u9RwxYpcb9jrxFV2BTdWqN1L0+db3NPwTz/aQOLXva8fEKk1wFqqkLsPDqGMtCqW
|
||||||
|
XeyWHeMacUU16XsJai119/8AUk77B1A230Vy+kfPPX9fzS/4I/1KsU64Ms/EB6fV
|
||||||
|
sj/kP9QbHYkhe+u03JfwRB/Jh7H4nTwNusbM6GPBX0suPVbqLPUHJbQ7AQ0nXUfY
|
||||||
|
RdlbPMXGtjS+I1/Cw3dYT34mvU6Ex34VbWZYh8jf+ZrmYATP+R/YzRh3BF/1QFgu
|
||||||
|
RlFRpe5kHZm4WRqrAYlzsmRLKKRcLFVgCw3C68ioN32InycSprhdySvbnsZQGZrN
|
||||||
|
AkH3jJAkrH5dH2Aw3Kq8o76W3AcH09qrzbY5IPjZ5h9tStyNbgYtLjLw+xOPaUIS
|
||||||
|
p0ZdviAVqjBfifX84tA+P9CU4el2fOpH1e7+I9XyH8Byo/bieUn+nuehVQSMrdyb
|
||||||
|
DmIPK60eZ0oqfa68idAjmek/02glnvCt8Qawd50ehYR6Ewp9VqO9K4K/3mybmYGu
|
||||||
|
w1urKdFTsGbnDyUysWu5ezD+x9pH8iLtSLYHqjrX+knzBcfLrexgW/L4A3C3QWHR
|
||||||
|
HEn0VogCKBr2mdNGgo/i6iddBI+ZIZOCBvpGxLBk1pw+v7T0ZeMeQV/ecF0ep6jj
|
||||||
|
kaOl9juQfNr+t0pYGHwZerpfwFUj9J5bi0FeKkB9wJ2hCxT1qDI5N4x8W25jxWpa
|
||||||
|
e1EKAvtM/wDiz1EJSMKs/c/3P8DwIccfUqEnLyrMxsvYWPc87hCj7NQevR/XUIQ8
|
||||||
|
qJ6MjGiyluzDzOnqL0trx3nRAlhHEHtHBhZIUEkQW0fb+sSPR2DFfMd/hzKZDbUx
|
||||||
|
3X1bHwYrsqKV9R4Uf5MYfh9dizffr/6jZWnBnY/mjTK6seDLOnY4gDhqz1DtPUyx
|
||||||
|
v7uJh8mu/wBhTYiWfnM9r9Oxgd7Jg7ZwA2DuVpnffs7hSYG0NUqVOF4E9YhRzF/8
|
||||||
|
yXp13lJvtyW6V+0QeWdYdbcAG6eSBuYR+vOd7rCS7EnfzN1XSEqI78cn3mPwVH1n
|
||||||
|
BUABtcTRgdWRzK6FtR0eYVRyCO8ryqWozLAVPR1cHxoyyoFX34PmapbMyCV3r9J0
|
||||||
|
irHZ7HxOiLQzJ2eF3v3MqI6nA1vmTY70B2ngOupvaIh2W20i/GKyz8OsEays/mB3
|
||||||
|
OR1qxOtzwBuB03vXemUq9AY9veFpuLR0XUkzXdPUkEuo8iEYly31K6ngiXNWD8TH
|
||||||
|
w2dFRXpPInmhDbMcntoyNeGxPI1GsXyUVUlzwI1xscIo40J7Rjqg94SIrdnVRXkM
|
||||||
|
K8d27AKTMRg/+Q+u5aan17I+lhMg/M/Ey9BKqU10vvYYy+FaZHL1DS2vrsrb3GiP
|
||||||
|
eV3YSd1UAfHErwrLjXT9c7bqYCM7F0wIHiUeiK2Kv5c+uqohvjtOjG0Gtg9fHuJ0
|
||||||
|
70zqR//ZiQJUBBMBCgA+AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAFiEEl65J
|
||||||
|
b8At7J/DU7LnSPmWEUNJWCkFAlq0/AkFCRCCj30ACgkQSPmWEUNJWCl50A//a2S6
|
||||||
|
RDjk7/lgVHd4MZC0oWObAPecIOSajj3akdKhHJSh0gXvcZe1MMutcWKhJ25r5Opa
|
||||||
|
gs41Av46rIOlbr9/btECFChMd3Jeysb8Akyg7k2Kws4OVN8OjYAvqUyacEVhfoZ9
|
||||||
|
RS0Q8ldHGshPbMDRwRiXqjq1+Z+0RzOOhPkJLGJV7ARPIShF2TG+AUsb+ybo6ze3
|
||||||
|
LA81UMO2hEnjKoUq5IYo4noA0mjZSU9gXMZ/hU213jYTYOiYWU78DEPt8H6bhGAg
|
||||||
|
pNC480VQ3iK2+RHo3/C9UdP1YkEU6VP5Eag9hc8ZDfRnzk3uG2YAWmNz8Ij9HrXg
|
||||||
|
aZnzEAIdswDzFLOzjnVgcKuAfalFjrhMRuaim7HEQZK9psGMfklK2FuehkE8KjHT
|
||||||
|
Je28vOYqzTj4lhbwfQ5Yblgo28rCLCiVgnF4N1Kh83+RN5lNAl3LOWe6sJaLnONp
|
||||||
|
RN+ZeDsrLYv0e+lEjF8R8ByffmSzqtAXUXkfj60LXfLbzAPB6c6jYUMtqqcFGi6o
|
||||||
|
AxaG9r4f0zhVmjZOiqjrQ6D3k9yp+nou+enkhUiwBllU5TuOP+eTcgGrOykeVeKM
|
||||||
|
G2Jqa1c5xTE2atd105DWlkrJwWsILLq4i2egG7sfogzfkACBtczIi1K4JZMyZMiz
|
||||||
|
QhP3b470OBy4XoylnTaUhCcVK/Lhq7sP6TUarre0JUplcmVteSBTdGFubGV5IDxq
|
||||||
|
ZXJlbXlAb3BlbnN0YWNrLm9yZz6JAlQEEwEKAD4CGwMFCwkIBwMFFQoJCAsFFgID
|
||||||
|
AQACHgECF4AWIQSXrklvwC3sn8NTsudI+ZYRQ0lYKQUCWrT8CgUJEIKPfQAKCRBI
|
||||||
|
+ZYRQ0lYKc6tD/4/44zoUTP48IgXBLTCkv8ngc66mUkti0eML70J5jzgUFm/0BZ4
|
||||||
|
2y34mi6ZG80vURIKxMRtcoMuAt9LlT68sEl8CBs5MZIgATXM3N7LF6NpXZHJncdM
|
||||||
|
CGCNmnJUVjEivO09lxB74wsx9Hp8TjGdMMl3L5bLM+vR1OA7brA01XiG4EP+50YI
|
||||||
|
xTvb9ICVrysRJ91fA7PbyzhhWchMiYlu5qXiEEsAavk6kIkmfpRwZ/QUUn73Y5Ja
|
||||||
|
zmTjIpLNij5sz8tCcB8AbTZBI5/QmhfH37Y56J0EnV9blIlBRP9XaMEsSz5vLdq5
|
||||||
|
Ubj5U0/Grm7RauKHLFscFhkridDSSi9e/CheHS8qH/ooMWMYHgxEVezsBuhJHzh8
|
||||||
|
QcIGSbhWgRxvAPfYJ7TvHRJQ9d/+tAf1Gu1NrYk8+Blb+h1yzkQqvIvWdAPy0NRO
|
||||||
|
DlQ3lo2Qk5bcGKqTstXkFeC57SAZSqZHQeNqhRU7l8QfPYIEL7bkB4r0yhjsCBk9
|
||||||
|
h2x+HOYHb0GVjN2A8OB29zH46HxCSUV18/JcDGiz15G6cKiRvoneAWmcR95lXY0M
|
||||||
|
URs6Uquvoun5YJ0iKzgVLl7ct4SxYKwYpmWCuTMPlVX2ChqlebgrKxwXtlGa0n2O
|
||||||
|
WHOAjN3A9IFYqLhVE/nhXI+TbA1uaz/hrEF5dQXC4V0aHMuGLSoSk9/HkbkCDQRM
|
||||||
|
E6AEARAAq83wcgaF39i7uHL4isOANf39rCZD6CbsR9miTuRbK9v3fwidszRSuAC6
|
||||||
|
DQ2c5hg2kYQoGX9YqNNeuWQwL6YnoDUY+QbFK1gjuB9lt8F4Neuhs1TPJ1cTbQxa
|
||||||
|
qtj6ijhpC4phX8K+qEezVPcHhaTl3Nouir22XhAH4wy5ArneK6tA+pzwo7tYAkve
|
||||||
|
DFbfLjsZtK9acJLEDnS8RWQLMBowOsJPg2xelnPgm5EliDji/LaBIVro5PbLRN83
|
||||||
|
Joj5pyjhgqH8sSeuvdRJGo/SJJUujPsA0v0o1pgwdzKt8SORpEhm1tkMBNbLWL3n
|
||||||
|
dYYqFRcZl4drN151tmSML2w2yxNxm5DPJZRwkDKdgfSv368jb0/vvDwZXtMiqBIj
|
||||||
|
bzmdDi9rOOHyH4I567uGQ4emjvWGCE0yMx9e9ADtGJjGdQvWFL/eyzuvcKUp38TI
|
||||||
|
RqleuMIV11Zoau0tXvxlBpQr6LPBs2880/32jqvzFOjA8ZdopSE9JU2ABI59QYWa
|
||||||
|
SY3rRaypIJu+DvSCmcg2BYLzIHacYkOO+LxjWnQcdeaX0fdRufQnAUQOhX7tGOUT
|
||||||
|
IsN5vG3SgcO8vAEGmh141/NylfQfctZYKGu2mHkd6Et/us/1aEEGc3JFfkWcw++P
|
||||||
|
r5DWCKYbfS6XqdcKYtuyWjCjPWSEJ3KK5LwLqnWkgdwL8CE3lS0AEQEAAYkCPAQY
|
||||||
|
AQoAJgIbDBYhBJeuSW/ALeyfw1Oy50j5lhFDSVgpBQJatPwSBQkQgo+OAAoJEEj5
|
||||||
|
lhFDSVgpOKoQAOK0hG2VBNLkiCppzdiImlcvzM+jJ1eooioOuICGIpBTO7hmJvIm
|
||||||
|
Te6igBz19sl1CMPAGhL4+HsajSDOOal71AkJOt3qO7e5lbOA8Euo64iDHW2iSw6E
|
||||||
|
lfmgsS8rneYs7cAuHcZF9f14PwJ9pS9aTqxI3gjsYPB5qNXN8lzc4a4VP/WjnNDC
|
||||||
|
O5ZsmsTAKmvo6hoTPNAXomg8CgEgK8N7hTRfCrMkieFz1wlMD38PNkhTJJ7opN/3
|
||||||
|
VxX5mAj+6OqmnhoLtO+VQI+K1cNuad8xsvl+MbOmrK+yEnp15dGevM9ws7ybngJ4
|
||||||
|
qhNXIpFl6fxcTLoalPDLZFWU935RbEIbzj6yYxfJs9nxqYOEDm8oFAwNkK2FNMeS
|
||||||
|
0RYnaat6Ml8/KPTQDg3KNKN7qRcegLofRrE4xIEWV15liASTtFlzR/ZS+kYJN/b9
|
||||||
|
vlcnOAj8SfwFVS5mg7ryHt/eC2Y3tx670o8zqWwSZ1lVomPybJdAFwwY4kWOV2pQ
|
||||||
|
nGtuamOJg9JIGbPb9LLglbXDexbdkWLpN5i++2FUoqe3mGnf+RRAu46RG5PCBZ3+
|
||||||
|
1g+7tCuwVRMT4FTPLmdORJbUQecDkyAD8BE3DuF+7hZrzQi/oiDa8mdvORy4l8fA
|
||||||
|
QtZYZzk5hURw7zRM87IzZedm0dpBseybhKvtvRltOt6pr8h/p+SsnYiL
|
||||||
|
=C5JG
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
|
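Review bot: the key listing at the top of this file shows `[expires: 2019-03-23]` on both the primary key and the encryption subkey, so this static copy goes stale on that date unless someone re-exports it after the expiry is extended. A tracking task to refresh the file, or a sentence in the docs saying the keyserver copy is the current one, would cover that. The listing also carries a photo user ID (`[jpeg image of size 2509]`) and `[ultimate]` trust markers that come from the exporter's own keyring; a reporter needs neither, and exporting without the photo ID would make the file smaller.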
@ -0,0 +1,71 @@
|
||||||
|
pub rsa4096 2018-01-11 [SC] [expires: 2019-03-23]
|
||||||
|
FB2EE15B2F0F12662B68ED9603750DEC158E5FA2
|
||||||
|
uid [ultimate] Tobias Henkel <tobias.henkel@bmw-carit.de>
|
||||||
|
uid [ultimate] Tobias Henkel <tobias.henkel@bmw.de>
|
||||||
|
sub rsa4096 2018-01-11 [E] [expires: 2019-03-23]
|
||||||
|
|
||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
|
mQINBFpXBi8BEACnNMAX1sljAopBAZ/3fYVBC3R7AwwujALt4PzbysUmy1XKB2zb
|
||||||
|
ZEu8XNyBIYX0DDIBFvTyVHTjY2ztF6VVEovYOc1BdEZivvxSXuK/AWnZDASXmN0Y
|
||||||
|
TlHKiNLo+fI3j1esMIEaKb1DmJOwxSY4MxiUSZ9XRgn0tn/u5kktzjcicnhAmWL5
|
||||||
|
V1H77bHiOu1+N9AWDFslYPdI4vaRcK6Vo3ePyviLSGN6LGX7qHIPyUKGctRQlADL
|
||||||
|
vdyK3tBfexA2GqueLTWBezO9V02BkIQVbvkwrJbx5IOw4xwa+JcJgRT4voxqB4vg
|
||||||
|
ukuJEiovP/JPQ+r7Mp9o+3BzhcePbL5amNLBPYio1tXQ0m675SNplrSRc9tYMaMq
|
||||||
|
uRGXAvgEH1WrO5k1jdwkjmk84h/EPckRO2MKr1Jv6bTotrnkkb7hnXUn533G89e2
|
||||||
|
F4IM6pV0Uf8Y58iaBnWj+C80wp9B8wp8OYI4uhmB7nv0O0ZZl5sal6AMxG9jgaSd
|
||||||
|
Wb/wOTYZRgI9MDC1HKyafxBWuGuK9ZylqzNuQAfPhCUjqXfg1rAR5LKG/Fhpdhjq
|
||||||
|
9ngF8QEKN5jvFXUQzSvTvQVZnbALDPS60D/uyLyWSR61/IzhLiyLnS8AIwUCnKY9
|
||||||
|
RVVn8it4HE0o4MeoX2SWTQgu73Yn6fhMhq3pfNYpYRH/Or2UAo2LZKOQnQARAQAB
|
||||||
|
tCpUb2JpYXMgSGVua2VsIDx0b2JpYXMuaGVua2VsQGJtdy1jYXJpdC5kZT6JAlUE
|
||||||
|
EwEIAD8CGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAFiEE+y7hWy8PEmYraO2W
|
||||||
|
A3UN7BWOX6IFAlq1BvEFCQI/NEIACgkQA3UN7BWOX6JaIA/8DkfZFwwFu8f+gXGg
|
||||||
|
Cj0x7b8g59zy5EOOrJJ1YLVfesm1s1b15Gdww1VD5imPTsD6wP4CSOpDLFkKDT6r
|
||||||
|
PqBJuIrVWZ/xZE9vkBxNgx/RmWhGXkMklRegAXxcXyse/liFypy+194frtVYM4BJ
|
||||||
|
kq08KQJftZPHoljUX02yfxtsygHl4t4E/zIMSHDjQZ4B/vcE8SXs5/zWrACpu1/l
|
||||||
|
PdP415YQ9pXlhIIMhcl5nFS+DOfVitaIBSkchqadxr1+Qkw31TeSl+dy2s7hneWN
|
||||||
|
2tG3plP1vQA1hzf5UGzMvFCaLYjnBAjKVZF5bqE+bNI2Q5o+U5fCSqFytWy7OW2M
|
||||||
|
cTmf+Flwe1zf4RkVsGHcleweeQ9IDeAGBm/t3YPn2KNIby5/u8csJFcbWsS2v8is
|
||||||
|
7EVwEVv8N1mpa2eK7joYRKDijEy3okKkYoQWOAKSkZwyqpcTVn8gbAIJPiaI96we
|
||||||
|
xErHhrQe42cnKqwVHkLzh66zpEhpgJhjGmmFOfkJUB46vMcoiiowZHsx0wPaWwte
|
||||||
|
0MHHvpmuQYC3+dlbfbGAd2V1K4WtVu2Kng1n/7rY1wGyyIShVjdFThrArkJKErkL
|
||||||
|
yG93fFXqFbqmUjqPWv8qdu3Ncn7LH55j2l3DkYYuu2kEF6zf1lJYU8A46UnNpN4B
|
||||||
|
11FZ/ruMXYGg1iC8QJB7mKhmiXG0JFRvYmlhcyBIZW5rZWwgPHRvYmlhcy5oZW5r
|
||||||
|
ZWxAYm13LmRlPokCVQQTAQgAPwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AW
|
||||||
|
IQT7LuFbLw8SZito7ZYDdQ3sFY5fogUCWrUG8QUJAj80QgAKCRADdQ3sFY5fopnD
|
||||||
|
D/9pB+msaygKwuGZDX10wl5vv8mbmI0Y2nWODIJ4c8uJWAEJgZMSI/R7oYRKiHdV
|
||||||
|
hqv7yTIrX9m3OWq+PLE865dFEtWiXoHiz56leNYFWIUunmjxoW9Kcdb9fVyTRUlI
|
||||||
|
j0o9LKWqZJcihncBlOHVQVNAzeaSaoDQVN40tOInxUKwquvFws1vaKMCan2UJpsw
|
||||||
|
XrfZl/WjLTEHnT+LuSdlDL1uNn9fpR/glVE0damQcah0uUOYRwpVhiPvaThv68cU
|
||||||
|
W1Wwj/7oLt5NS62oByIYcPX5fzFGh+0A6t1PAqdjJp/QvlOjK+KT2VkpghPcVghC
|
||||||
|
zYr7s4WEAYrmvY3QCCIUPaBaoH1ydIXc6ZQp2edfSgi4o1mGOaYziWkvLvKg34S6
|
||||||
|
Yzk211kBE8VZMz98+gpHCo9tA+brChFIB6V2txrHAdhzdd/MnM1SEuB60bzxJ3rX
|
||||||
|
ZMqJNwZguOVxxlBs3hMMapEMSBpVQv2lqFjocw7g7olPMJcaHuC+edxN2krkwpvl
|
||||||
|
lM4hd2jdepA1IT3clsCvMku5UB4f1QUQx+AFxAirTQkczMdjQGi8UtScjULCyO2H
|
||||||
|
M+lQjRYWa7x5FEM8m2+CMyKnyvCS6SQq3Uw9NNJ5PsaMQOwTaedilnmI538qbImZ
|
||||||
|
oChztVVU2byPw0V+R7De7kS5O6TB4Nc/GdrYUoBmeKprwLkCDQRaVwYvARAAu6F3
|
||||||
|
lC4NVK6uxZQT8hVbnmATm5yk1BOVP1pd+HeY1yGzbOPkIhPg6dNjxSEaSRvF26yw
|
||||||
|
jhFI940b9fa/mqPBPCRyt8XkRfZHr91qf/amNxs/LSAgAdGsrpFDG6TVkGDJfPlL
|
||||||
|
6XkdLtQdBuGHiFDABH3SCx4pfYYQvNX0Z0wEYIOm4Dkj2k1ceEDK7oizkZCzHhao
|
||||||
|
mzLKkNHH9rbaq5WV0DxLjQla9JjE1HlMyL5HT/oM9Qs7PCMqqczV0D8gmCcx+uBD
|
||||||
|
j6BWTnpWRgVWVg/O3ulrAU4XaVy8eJ0hiFPBuD1SIFaby2MBlbbJwWWNQtimXc6H
|
||||||
|
zS4YSLWGN7rsU/UDKriFbaycHopD2OAJsx6xvuDV6lWMQhN/3PHMvIpNuqw2IzHA
|
||||||
|
Y+wqHwlsa+xDuVISNc9sVj9le6r7SKJ8VvbgJbrcQ4LIgBvgtqr+PHvE3ygscpUr
|
||||||
|
AKYvEHgu40X+A8Q6VP8DQ5sdTvJbLJSrJVK6uCcS8tzDrLFax/VYAez+PxsXhLKB
|
||||||
|
kv/zG9ZE1Utb+B0OQIlwsK4nIz5p8obdWsrrMSm7JEKh6NQKa4qO1VvsxgARAT6i
|
||||||
|
4CS/8NywYe8eXyN+M9BOl+f7RuzfQukd5dYas3YE+JrHg5TEueUqHxKGQv21PAb3
|
||||||
|
F/yMm7CVTvw30CAZqW0vShw79YWYdEO3lkVB050AEQEAAYkCPAQYAQgAJgIbDBYh
|
||||||
|
BPsu4VsvDxJmK2jtlgN1DewVjl+iBQJatQcNBQkCPzReAAoJEAN1DewVjl+itPIP
|
||||||
|
/RTbOYHUdZWeXcCqGiU5G/+mxlnrEPHR+B5idRZTEPClIzHGuywRai7BLDSq5t+t
|
||||||
|
GAhO4kjKuaUIo7UUOlCK9dgn9l/jl7hh6HEjUX1JAwgpWlnwIJTqAiklZhvx9BWb
|
||||||
|
GBF2mzlDYIR6FP/JBJIWMuBZxnNjMV8lEaH0675xrLHD1W8VJsybqqoqN+zLQrP4
|
||||||
|
YY/xrSQJA968LuxYpWmWbhTzYuNv6fsQSlF36ayrAjxGfJ2zQ7wwfF5Kbo6tFDyx
|
||||||
|
R7UwdVxDc0FmABPs+skbOjjAZP7IB8ZjBb6+BrDCEUXOEfjv7Xwo5RoxmPAH3a8L
|
||||||
|
LuQAKrpz3fwlXyL0vyOtNN2vhGTmR9zCap37PlFZ/zI8VdVRaLenYwcglEtoxy6A
|
||||||
|
d3kFO7ZOdk+D9zVm7inv8aKZ4ru8FLVwSDVEEP00P0a7NbyMs5PkpK29+xqAbkq+
|
||||||
|
4xhq0sW1TdB+7W13G/2nymzJ58x9pXQwSVQZLVIbnmf7rGp0Z+CrcnV+XkZOVqPQ
|
||||||
|
tQvWIshx11oB/oBkUr4109Lg+qOti+jQ1aT8KxVIFBITl1HLm9vpIy24qFLpGdIh
|
||||||
|
wIHaKIZS27Rkje/xzfl6qJ3xBsIY0Bh/z2xe8jvJ55VN2FNDxAXh8i7grV+77Xqh
|
||||||
|
Y1Ls9ADOLHGQfS+2i9J89mU+XCyxNTpbRy/d86WN5Unj
|
||||||
|
=NkrA
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
|
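Review bot: the header of this key file is formatted differently from the other key file added in this change: the `pub` and `sub` lines omit the long key ID, and the fingerprint is printed as one unspaced string without the `Key fingerprint =` label. Generating both listings with the same gpg options would make them easier to compare against the fingerprints in the documentation. The first user ID here is `tobias.henkel@bmw-carit.de`, while the documentation page lists only `tobias.henkel@bmw.de`; worth confirming that is the address reporters should use.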
@ -18,3 +18,4 @@ configure it to meet your needs.
|
||||||
encryption
|
encryption
|
||||||
badges
|
badges
|
||||||
howtos
|
howtos
|
||||||
|
vulnerabilities
|
||||||
|
|
|
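Review bot: `vulnerabilities` is appended as the last toctree entry, after `howtos`, while the commit message asks for the instructions to appear prominently in the User Guide. If prominence matters, consider moving the entry higher in the list or linking to it from the guide's introductory text as well.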
@ -0,0 +1,68 @@
|
||||||
|
:title: Vulnerability Reporting
|
||||||
|
|
||||||
|
.. _vulnerability-reporting:
|
||||||
|
|
||||||
|
Vulnerability Reporting
|
||||||
|
=======================
|
||||||
|
|
||||||
|
Zuul strives to be as secure as possible, implementing a layered
|
||||||
|
defense-in-depth approach where any untrusted code is executed and
|
||||||
|
leveraging well-reviewed popular libraries for its cryptographic
|
||||||
|
needs. Still, bugs are inevitable and security bugs are no exception
|
||||||
|
to that rule.
|
||||||
|
|
||||||
|
If you've found a bug in Zuul and you suspect it may compromise the
|
||||||
|
security of some part of the system, we'd appreciate the opportunity
|
||||||
|
to privately discuss the details before any suspected vulnerability
|
||||||
|
is made public. There are a couple possible ways you can bring
|
||||||
|
security bugs to our attention:
|
||||||
|
|
||||||
|
Create a Private Story in StoryBoard
|
||||||
|
------------------------------------
|
||||||
|
|
||||||
|
You can create a private story at the following URL:
|
||||||
|
|
||||||
|
`<https://storyboard.openstack.org/#!/story/new?force_private=true>`_
|
||||||
|
|
||||||
|
Using this particular reporting URL helps prevent you from
|
||||||
|
forgetting to set the ``Private`` checkbox in the new story UI
|
||||||
|
before saving. If you're doing this from a normal story creation
|
||||||
|
workflow instead, please make sure to set this checkbox first.
|
||||||
|
|
||||||
|
Enter a short but memorable title for your vulnerability report and
|
||||||
|
provide risks, concerns or other relevant details in the description
|
||||||
|
field. Where it lists teams and users that can see this story, add
|
||||||
|
the ``zuul-security`` team so they'll be able to work on triaging
|
||||||
|
it. For the initial task, select the project to which this is
|
||||||
|
specific (e.g., ``openstack-infra/zuul`` or
|
||||||
|
``openstack-infra/nodepool``) and if it relates to additional
|
||||||
|
projects you can add another task for each of them making sure to
|
||||||
|
include a relevant title for each task. When you've included all the
|
||||||
|
detail and tasks you want, save the new story and then you can
|
||||||
|
continue commenting on it normally. Please don't remove the
|
||||||
|
``Private`` setting, and instead wait for one of the zuul-security
|
||||||
|
reviewers to do this once it's deemed safe.
|
||||||
|
|
||||||
|
Report via Encrypted E-mail
|
||||||
|
---------------------------
|
||||||
|
|
||||||
|
If the issue is extremely sensitive or you’re otherwise unable to
|
||||||
|
use the task tracker directly, please send an E-mail message to one
|
||||||
|
or more members of the Zuul security team. You’re encouraged to
|
||||||
|
encrypt messages to their OpenPGP keys, which can be found linked
|
||||||
|
below and also on the keyserver network with the following
|
||||||
|
fingerprints:
|
||||||
|
|
||||||
|
.. TODO: add some more contacts/keys here
|
||||||
|
|
||||||
|
* Jeremy Stanley <fungi@yuggoth.org>:
|
||||||
|
`key 0x97ae496fc02dec9fc353b2e748f9961143495829`_ (details__)
|
||||||
|
|
||||||
|
* Tobias Henkel <tobias.henkel@bmw.de>:
|
||||||
|
`key 0xfb2ee15b2f0f12662b68ed9603750dec158e5fa2`_ (details__)
|
||||||
|
|
||||||
|
.. _`key 0x97ae496fc02dec9fc353b2e748f9961143495829`: ../_static/0x97ae496fc02dec9fc353b2e748f9961143495829.txt
|
||||||
|
.. __: https://sks-keyservers.net/pks/lookup?op=vindex&search=0x97ae496fc02dec9fc353b2e748f9961143495829&fingerprint=on
|
||||||
|
|
||||||
|
.. _`key 0xfb2ee15b2f0f12662b68ed9603750dec158e5fa2`: ../_static/0xfb2ee15b2f0f12662b68ed9603750dec158e5fa2.txt
|
||||||
|
.. __: https://sks-keyservers.net/pks/lookup?op=vindex&search=0xfb2ee15b2f0f12662b68ed9603750dec158e5fa2&fingerprint=on
|
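Review bot: the "Report via Encrypted E-mail" section points readers at the keyserver network but never asks them to check the imported key's full fingerprint against the one listed here. Keyservers return whatever was uploaded, so that comparison is what makes the listed fingerprints useful; one sentence after the "fingerprints:" line would cover it. Minor points: this section uses typographic apostrophes (`you’re`) while the rest of the file uses ASCII ones (`you've`, `we'd`), the two `(details__)` anonymous references depend on the order of the `.. __:` targets below them, and the `.. TODO` comment would be better tracked as a follow-up task than left in the published source.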