탐색 도움말
로그인
phcoder
/
grub-savannah-mirror
의 미러 https://git.savannah.gnu.org/git/grub.git
Watch 1
Star 0
포크 0
파일 이슈 0 위키
트리: 1763d83f54
브랜치 태그
grub-savanna...
/
SECURITY

SECURITY 2.5 KB
히스토리 Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 
  1. Security Policy
    2. 

  2. ===============
    3. 

  3. 

  4. To report a vulnerability see "Reporting a Vulnerability" below.
    5. 

  5. 

  6. 

  7. Security Incident Policy
    8. 

  8. ========================
    9. 

  9. 

  10. Security bug reports are treated with special attention and are handled
    11. 

  11. differently from normal bugs. In particular, security sensitive bugs are not
    12. 

  12. handled in public but in private. Information about the bug and access to it
    13. 

  13. is restricted to people in the security group, the individual engineers that
    14. 

  14. work on fixing it, and any other person who needs to be involved for organisational
    15. 

  15. reasons. The process is handled by the security team, which decides on the people
    16. 

  16. involved in order to fix the issue. It is also guaranteed that the person reporting
    17. 

  17. the issue has visibility into the process of fixing it. Any security issue gets
    18. 

  18. prioritized according to its security rating. The issue is opened up to the public
    19. 

  19. in coordination with the release schedule and the reporter.
    20. 

  20. 

  21. 

  22. Disclosure Policy
    23. 

  23. =================
    24. 

  24. 

  25. Everyone involved in the handling of a security issue - including the reporter -
    26. 

  26. is required to adhere to the following policy. Any information related to
    27. 

  27. a security issue must be treated as confidential and only shared with trusted
    28. 

  28. partners if necessary, for example to coordinate a release or manage exposure
    29. 

  29. of clients to the issue. No information must be disclosed to the public before
    30. 

  30. the embargo ends. The embargo time is agreed upon by all involved parties. It
    31. 

  31. should be as short as possible without putting any users at risk.
    32. 

  32. 

  33. 

  34. Supported Versions
    35. 

  35. ==================
    36. 

  36. 

  37. Only the most recent version of the GRUB is supported.
    38. 

  38. 

  39. 

  40. Reporting a Vulnerability
    41. 

  41. =========================
    42. 

  42. 

  43. The security report should be encrypted with the PGP keys and sent to ALL email
    44. 

  44. addresses listed below. Every vulnerability report will be assessed within
    45. 

  45. 72 hours of receiving it. If the outcome of the assessment is that the report
    46. 

  46. describes a security issue, the report will be transferred into an issue on the
    47. 

  47. internal vulnerability project for further processing. The reporter is updated
    48. 

  48. on each step of the process.
    49. 

  49. 

  50. While there's currently no bug bounty program we appreciate every report.
    51. 

  51. 

  52. * Contact: Daniel Kiper <daniel.kiper@oracle.com> and
    53. 

  53.            Daniel Kiper <dkiper@net-space.pl>
    54. 

  54. * PGP Key Fingerprint: BE5C 2320 9ACD DACE B20D  B0A2 8C81 89F1 988C 2166
    55. 

  55. 

  56. * Contact: Alex Burmashev <alexander.burmashev@oracle.com>
    57. 

  57. * PGP Key Fingerprint: 50A4 EC06 EF7E B84D 67E0  3BB6 2AE2 C87E 28EF 2E6E
    58. 

  58. 

  59. * Contact: Vladimir 'phcoder' Serbinenko <phcoder@gmail.com>
    60. 

  60. * PGP Key Fingerprint: E53D 497F 3FA4 2AD8 C9B4  D1E8 35A9 3B74 E82E 4209
    61. 

  61.