Home Esplora Aiuto
Registrati Accedi
nee2c
/
salt
mirror da https://github.com/nee2c/salt.git
1
0
Forka 0
File Problemi 0 Wiki
Ramo (Branch): master
Rami (Branch) Tag
salt
/
doc
/
security
/
index.rst

index.rst 6.7 KB
Permalink Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133 
  1. .. _disclosure:
    2. 

  2. 

  3. ==========================
    4. 

  4. Security disclosure policy
    5. 

  5. ==========================
    6. 

  6. 

  7. :email: security@saltstack.com
    8. 

  8. :gpg key ID: 4EA0793D
    9. 

  9. :gpg key fingerprint: ``8ABE 4EFC F0F4 B24B FF2A  AF90 D570 F2D3 4EA0 793D``
    10. 

  10. 

  11. **gpg public key:**
    12. 

  12. 

  13. .. code-block:: text
    14. 

  14. 

  15.     -----BEGIN PGP PUBLIC KEY BLOCK-----
    16. 

  16. 

  17.     mQINBFO15mMBEADa3CfQwk5ED9wAQ8fFDku277CegG3U1hVGdcxqKNvucblwoKCb
    18. 

  18.     hRK6u9ihgaO9V9duV2glwgjytiBI/z6lyWqdaD37YXG/gTL+9Md+qdSDeaOa/9eg
    19. 

  19.     7y+g4P+FvU9HWUlujRVlofUn5Dj/IZgUywbxwEybutuzvvFVTzsn+DFVwTH34Qoh
    20. 

  20.     QIuNzQCSEz3Lhh8zq9LqkNy91ZZQO1ZIUrypafspH6GBHHcE8msBFgYiNBnVcUFH
    21. 

  21.     u0r4j1Rav+621EtD5GZsOt05+NJI8pkaC/dDKjURcuiV6bhmeSpNzLaXUhwx6f29
    22. 

  22.     Vhag5JhVGGNQxlRTxNEM86HEFp+4zJQ8m/wRDrGX5IAHsdESdhP+ljDVlAAX/ttP
    23. 

  23.     /Ucl2fgpTnDKVHOA00E515Q87ZHv6awJ3GL1veqi8zfsLaag7rw1TuuHyGLOPkDt
    24. 

  24.     t5PAjsS9R3KI7pGnhqI6bTOi591odUdgzUhZChWUUX1VStiIDi2jCvyoOOLMOGS5
    25. 

  25.     AEYXuWYP7KgujZCDRaTNqRDdgPd93Mh9JI8UmkzXDUgijdzVpzPjYgFaWtyK8lsc
    26. 

  26.     Fizqe3/Yzf9RCVX/lmRbiEH+ql/zSxcWlBQd17PKaL+TisQFXcmQzccYgAxFbj2r
    27. 

  27.     QHp5ABEu9YjFme2Jzun7Mv9V4qo3JF5dmnUk31yupZeAOGZkirIsaWC3hwARAQAB
    28. 

  28.     tDBTYWx0U3RhY2sgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAc2FsdHN0YWNrLmNv
    29. 

  29.     bT6JAj4EEwECACgFAlO15mMCGwMFCQeGH4AGCwkIBwMCBhUIAgkKCwQWAgMBAh4B
    30. 

  30.     AheAAAoJENVw8tNOoHk9z/MP/2vzY27fmVxU5X8joiiturjlgEqQw41IYEmWv1Bw
    31. 

  31.     4WVXYCHP1yu/1MC1uuvOmOd5BlI8YO2C2oyW7d1B0NorguPtz55b7jabCElekVCh
    32. 

  32.     h/H4ZVThiwqgPpthRv/2npXjIm7SLSs/kuaXo6Qy2JpszwDVFw+xCRVL0tH9KJxz
    33. 

  33.     HuNBeVq7abWD5fzIWkmGM9hicG/R2D0RIlco1Q0VNKy8klG+pOFOW886KnwkSPc7
    34. 

  34.     JUYp1oUlHsSlhTmkLEG54cyVzrTP/XuZuyMTdtyTc3mfgW0adneAL6MARtC5UB/h
    35. 

  35.     q+v9dqMf4iD3wY6ctu8KWE8Vo5MUEsNNO9EA2dUR88LwFZ3ZnnXdQkizgR/Aa515
    36. 

  36.     dm17vlNkSoomYCo84eN7GOTfxWcq+iXYSWcKWT4X+h/ra+LmNndQWQBRebVUtbKE
    37. 

  37.     ZDwKmiQz/5LY5EhlWcuU4lVmMSFpWXt5FR/PtzgTdZAo9QKkBjcv97LYbXvsPI69
    38. 

  38.     El1BLAg+m+1UpE1L7zJT1il6PqVyEFAWBxW46wXCCkGssFsvz2yRp0PDX8A6u4yq
    39. 

  39.     rTkt09uYht1is61joLDJ/kq3+6k8gJWkDOW+2NMrmf+/qcdYCMYXmrtOpg/wF27W
    40. 

  40.     GMNAkbdyzgeX/MbUBCGCMdzhevRuivOI5bu4vT5s3KdshG+yhzV45bapKRd5VN+1
    41. 

  41.     mZRqiQJVBBMBCAA/AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgBYhBIq+Tvzw
    42. 

  42.     9LJL/yqvkNVw8tNOoHk9BQJe1uRXBQkPoTz0AAoJENVw8tNOoHk9akAQANKIDIBY
    43. 

  43.     J3DmWH3g6rWURdREQcBVfMkw6j5MHlIEwlGrN3whSaPv2KR3tatRccBCQ0olQeYb
    44. 

  44.     ZeFtPuf0Du+LqGaAePo5DkPNU7GHoba2+ZE/sJ4wZ4CzAQM6+LvH2iLHeLZ1VLlu
    45. 

  45.     ZEftxD1RFKTqpnav8KiyYGkeFuEn4eMSIhbudp/8wkN40sCWL22D141EhVSRvLlO
    46. 

  46.     BMUpTWdtSYTg0F2pgQL5U2A56syuiwUwPXzQb45JEJILmG8zkeJB9s8kGtErypIH
    47. 

  47.     P+qxJXq24woGUFeJjiLdiOhI6/YoVBACUkKmig36CGf/DH5NAeQECeZq3YBNp7XK
    48. 

  48.     tsF1dPitxuTM/UkOHoHUnGhDlBcQMWe9WuBK4rA+7GH9NT8o7M6+2OKhk181tJ+s
    49. 

  49.     Y2kP7RSXOV162thRsNvVImXajAIFTR3ksEDFGVq/4jh85jFoIbNH3x27NxOu6e2p
    50. 

  50.     OIkXNXmSFXLUmwbfEfIk06gqP3xzkaj+eWHcLDkn9bUKblBJhHdhf9Vsy/N2NRW2
    51. 

  51.     23c64qDutw1NX7msDuN3KXisim+isBzPVVzymkkhkXK+UpjrRR0ePvph3fnGf1bc
    52. 

  52.     NipVtn1KKM7kurSrSjFVLwLi52SGnEHKJnbbhh+AKV09SNYi6IaKL8yw8c1d0K80
    53. 

  53.     PlBaJEvkC6myzaaRtYcna4pbiIysBaZtwDOOuQINBFO15mMBEAC5UuLii9ZLz6qH
    54. 

  54.     fIJp35IOW9U8SOf7QFhzXR7NZ3DmJsd3f6Nb/habQFIHjm3K9wbpj+FvaW2oWRlF
    55. 

  55.     VvYdzjUq6c82GUUjW1dnqgUvFwdmM8351n0YQ2TonmyaF882RvsRZrbJ65uvy7SQ
    56. 

  56.     xlouXaAYOdqwLsPxBEOyOnMPSktW5V2UIWyxsNP3sADchWIGq9p5D3Y/loyIMsS1
    57. 

  57.     dj+TjoQZOKSj7CuRT98+8yhGAY8YBEXu9r3I9o6mDkuPpAljuMc8r09Im6az2egt
    58. 

  58.     K/szKt4Hy1bpSSBZU4W/XR7XwQNywmb3wxjmYT6Od3Mwj0jtzc3gQiH8hcEy3+BO
    59. 

  59.     +NNmyzFVyIwOLziwjmEcw62S57wYKUVnHD2nglMsQa8Ve0e6ABBMEY7zGEGStva5
    60. 

  60.     9rfgeh0jUMJiccGiUDTMs0tdkC6knYKbu/fdRqNYFoNuDcSeLEw4DdCuP01l2W4y
    61. 

  61.     Y+fiK6hAcL25amjzc+yYo9eaaqTn6RATbzdhHQZdpAMxY+vNT0+NhP1Zo5gYBMR6
    62. 

  62.     5Zp/VhFsf67ijb03FUtdw9N8dHwiR2m8vVA8kO/gCD6wS2p9RdXqrJ9JhnHYWjiV
    63. 

  63.     uXR+f755ZAndyQfRtowMdQIoiXuJEXYw6XN+/BX81gJaynJYc0uw0MnxWQX+A5m8
    64. 

  64.     HqEsbIFUXBYXPgbwXTm7c4IHGgXXdwARAQABiQI8BBgBCAAmAhsMFiEEir5O/PD0
    65. 

  65.     skv/Kq+Q1XDy006geT0FAl7W5K0FCQ+hPUoACgkQ1XDy006geT1Q0Q//atnw1D4J
    66. 

  66.     13nL8Mygk+ANY4Xljub/TeZqKtzmnWGso843XysErLH1adCu1KDX1Dj4/o3WoPOt
    67. 

  67.     0O78uSS81N428ocOPKx+fA63n7q1mRqHHy6pLLVKoT66tmvE1ZN0ObaiPK9IxZkB
    68. 

  68.     ThGlHJk9VaUg0vzAaRznogWeBh1dyZktVrtbUO5u4xDX9iql/unVmCWm+U1R7t4q
    69. 

  69.     fqPEbk8ZnWc7x4bAZf8/vSQ93mAbpnRRuJdDK9tsiuhl8pRz7OyzvMS81rVF75ja
    70. 

  70.     7CcShPofrW4yZ7FqAUMwTbfrvsAraWmDjW17Ao7C2dUA9ViwSKJ6u6Pd5no/hwbm
    71. 

  71.     jVoxtO2RvjGOBxKneD36uENAUMBExjDTkSHmOxUYSknrEKUy7P1OL2ZHLG8/rouN
    72. 

  72.     5ZvIxHiMkz12ukSt29IHvCngn1UB4/7+tvDHqug4ZAZPuwH7TC5Hk6WO0OoK8Eb2
    73. 

  73.     sQa2QoehQjwK0IakGd5kFEqKgbrwYPPa3my7l58nOZmPHdMcTOzgKvUEYAITjsT4
    74. 

  74.     oOtocs9Nj+cfCfp6YUn6JeYfiHs+Xhze5igdWIl0ZO5rTmbqcD8A1URKBds0WA+G
    75. 

  75.     FLP9shPC0rS/L3Y1fKhqAc0h+znWBU6xjipTkmzh3FdM8gGT6g9YwGQNbi/x47k5
    76. 

  76.     vtBIWO4LPeGEvb2Gs65PL2eouOqU6yvBr5Y=
    77. 

  77.     =F/97
    78. 

  78.     -----END PGP PUBLIC KEY BLOCK-----
    79. 

  79. 

  80. The SaltStack Security Team is available at security@saltstack.com for
    81. 

  81. security-related bug reports or questions.
    82. 

  82. 

  83. We request the disclosure of any security-related bugs or issues be reported
    84. 

  84. non-publicly until such time as the issue can be resolved and a security-fix
    85. 

  85. release can be prepared. At that time we will release the fix and make a public
    86. 

  86. announcement with upgrade instructions and download locations.
    87. 

  87. 

  88. Security response procedure
    89. 

  89. ===========================
    90. 

  90. 

  91. SaltStack takes security and the trust of our customers and users very
    92. 

  92. seriously. Our disclosure policy is intended to resolve security issues as
    93. 

  93. quickly and safely as is possible.
    94. 

  94. 

  95. 1.  A security report sent to security@saltstack.com is assigned to a team
    96. 

  96.     member. This person is the primary contact for questions and will
    97. 

  97.     coordinate the fix, release, and announcement.
    98. 

  98. 

  99. 2.  The reported issue is reproduced and confirmed. A list of affected projects
    100. 

  100.     and releases is made.
    101. 

  101. 

  102. 3.  Fixes are implemented for all affected projects and releases that are
    103. 

  103.     actively supported. Back-ports of the fix are made to any old releases that
    104. 

  104.     are actively supported.
    105. 

  105. 

  106. 4.  Packagers are notified via the `salt-packagers`_ mailing list that an issue
    107. 

  107.     was reported and resolved, and that an announcement is incoming.
    108. 

  108. 

  109. 5.  A new release is created and pushed to all affected repositories. The
    110. 

  110.     release documentation provides a full description of the issue, plus any
    111. 

  111.     upgrade instructions or other relevant details.
    112. 

  112. 

  113. 6.  An announcement is made to the `salt-users`_ and `salt-announce`_ mailing
    114. 

  114.     lists. The announcement contains a description of the issue and a link to
    115. 

  115.     the full release documentation and download locations.
    116. 

  116. 

  117. .. _saltstack_security_announcements:
    118. 

  118. 

  119. Receiving security announcements
    120. 

  120. ================================
    121. 

  121. 

  122. The following mailing lists, per the previous tasks identified in our response
    123. 

  123. procedure, will receive security-relevant notifications:
    124. 

  124. 

  125. * `salt-packagers`_
    126. 

  126. * `salt-users`_
    127. 

  127. * `salt-announce`_
    128. 

  128. 

  129. In addition to the mailing lists, SaltStack also provides the following resources:
    130. 

  130. 

  131. * `SaltStack Security Announcements <https://www.saltstack.com/security-announcements/>`__ landing page
    132. 

  132. * `SaltStack Security RSS Feed <http://www.saltstack.com/feed/?post_type=security>`__
    133. 

  133. * `SaltStack Community Slack Workspace <http://saltstackcommunity.slack.com/>`__
    134.