guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Call for volunteer(s) for Guix "security" web page

From: Leo Famulari
Subject: Call for volunteer(s) for Guix "security" web page
Date: Fri, 16 Sep 2016 12:14:58 -0400
User-agent: Mutt/1.7.0 (2016-08-17) 
Hello!

GNU Guix should make it easier for bug reporters to contact us to report
issues in Guix and Guix packages.

So, we'd like to add a short "Security" page to our web site [0]. This
page should:

1) Explain how to contact us privately about security issues [1],

2) Describe the Guix release signing key [2],

3) And include a link to the security updates section of the manual [3].

The page should be clear and concise. The main objectives are to make it
easy for bug reporters to learn how to contact us, and to make it easy
for anyone to know which key is used to sign our downloads.

Does anyone volunteer to make this page?

I like this example, although it does some things we don't plan to do at
this time, such as provide a key for securely contacting the project,
and explain how to use GnuPG:

https://syncthing.net/security.html

[0] Our web site is maintained in guix-artwork.git:
git://git.savannah.gnu.org/guix/guix-artwork.git

[1] Private communication should go to <address@hidden>
https://lists.gnu.org/mailman/listinfo/guix-security

[2] The key should be described by the key fingerprint.
https://www.gnu.org/software/guix/manual/html_node/Binary-Installation.html

[3]
https://www.gnu.org/software/guix/manual/html_node/Security-Updates.html

Attachment: signature.asc
Description: PGP signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]