Головна сторінка Огляд Довідка
Реєстрація Увійти
nee2c
/
salt
дзеркало https://github.com/nee2c/salt.git
1
0
Відгалуження 0
Файли Проблеми 0 Wiki
Гілка: neon
Гілки Теги
salt
/
doc
/
security
/
index.rst

index.rst 5.4 KB
Постійне посилання Історія Запис

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109 
  1. .. _disclosure:
    2. 

  2. 

  3. ==========================
    4. 

  4. Security disclosure policy
    5. 

  5. ==========================
    6. 

  6. 

  7. :email: security@saltstack.com
    8. 

  8. :gpg key ID: 4EA0793D
    9. 

  9. :gpg key fingerprint: ``8ABE 4EFC F0F4 B24B FF2A  AF90 D570 F2D3 4EA0 793D``
    10. 

  10. 

  11. **gpg public key:**
    12. 

  12. 

  13. .. code-block:: text
    14. 

  14. 

  15.     -----BEGIN PGP PUBLIC KEY BLOCK-----
    16. 

  16.     Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
    17. 

  17. 

  18.     mQINBFO15mMBEADa3CfQwk5ED9wAQ8fFDku277CegG3U1hVGdcxqKNvucblwoKCb
    19. 

  19.     hRK6u9ihgaO9V9duV2glwgjytiBI/z6lyWqdaD37YXG/gTL+9Md+qdSDeaOa/9eg
    20. 

  20.     7y+g4P+FvU9HWUlujRVlofUn5Dj/IZgUywbxwEybutuzvvFVTzsn+DFVwTH34Qoh
    21. 

  21.     QIuNzQCSEz3Lhh8zq9LqkNy91ZZQO1ZIUrypafspH6GBHHcE8msBFgYiNBnVcUFH
    22. 

  22.     u0r4j1Rav+621EtD5GZsOt05+NJI8pkaC/dDKjURcuiV6bhmeSpNzLaXUhwx6f29
    23. 

  23.     Vhag5JhVGGNQxlRTxNEM86HEFp+4zJQ8m/wRDrGX5IAHsdESdhP+ljDVlAAX/ttP
    24. 

  24.     /Ucl2fgpTnDKVHOA00E515Q87ZHv6awJ3GL1veqi8zfsLaag7rw1TuuHyGLOPkDt
    25. 

  25.     t5PAjsS9R3KI7pGnhqI6bTOi591odUdgzUhZChWUUX1VStiIDi2jCvyoOOLMOGS5
    26. 

  26.     AEYXuWYP7KgujZCDRaTNqRDdgPd93Mh9JI8UmkzXDUgijdzVpzPjYgFaWtyK8lsc
    27. 

  27.     Fizqe3/Yzf9RCVX/lmRbiEH+ql/zSxcWlBQd17PKaL+TisQFXcmQzccYgAxFbj2r
    28. 

  28.     QHp5ABEu9YjFme2Jzun7Mv9V4qo3JF5dmnUk31yupZeAOGZkirIsaWC3hwARAQAB
    29. 

  29.     tDBTYWx0U3RhY2sgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAc2FsdHN0YWNrLmNv
    30. 

  30.     bT6JAj4EEwECACgFAlO15mMCGwMFCQeGH4AGCwkIBwMCBhUIAgkKCwQWAgMBAh4B
    31. 

  31.     AheAAAoJENVw8tNOoHk9z/MP/2vzY27fmVxU5X8joiiturjlgEqQw41IYEmWv1Bw
    32. 

  32.     4WVXYCHP1yu/1MC1uuvOmOd5BlI8YO2C2oyW7d1B0NorguPtz55b7jabCElekVCh
    33. 

  33.     h/H4ZVThiwqgPpthRv/2npXjIm7SLSs/kuaXo6Qy2JpszwDVFw+xCRVL0tH9KJxz
    34. 

  34.     HuNBeVq7abWD5fzIWkmGM9hicG/R2D0RIlco1Q0VNKy8klG+pOFOW886KnwkSPc7
    35. 

  35.     JUYp1oUlHsSlhTmkLEG54cyVzrTP/XuZuyMTdtyTc3mfgW0adneAL6MARtC5UB/h
    36. 

  36.     q+v9dqMf4iD3wY6ctu8KWE8Vo5MUEsNNO9EA2dUR88LwFZ3ZnnXdQkizgR/Aa515
    37. 

  37.     dm17vlNkSoomYCo84eN7GOTfxWcq+iXYSWcKWT4X+h/ra+LmNndQWQBRebVUtbKE
    38. 

  38.     ZDwKmiQz/5LY5EhlWcuU4lVmMSFpWXt5FR/PtzgTdZAo9QKkBjcv97LYbXvsPI69
    39. 

  39.     El1BLAg+m+1UpE1L7zJT1il6PqVyEFAWBxW46wXCCkGssFsvz2yRp0PDX8A6u4yq
    40. 

  40.     rTkt09uYht1is61joLDJ/kq3+6k8gJWkDOW+2NMrmf+/qcdYCMYXmrtOpg/wF27W
    41. 

  41.     GMNAkbdyzgeX/MbUBCGCMdzhevRuivOI5bu4vT5s3KdshG+yhzV45bapKRd5VN+1
    42. 

  42.     mZRquQINBFO15mMBEAC5UuLii9ZLz6qHfIJp35IOW9U8SOf7QFhzXR7NZ3DmJsd3
    43. 

  43.     f6Nb/habQFIHjm3K9wbpj+FvaW2oWRlFVvYdzjUq6c82GUUjW1dnqgUvFwdmM835
    44. 

  44.     1n0YQ2TonmyaF882RvsRZrbJ65uvy7SQxlouXaAYOdqwLsPxBEOyOnMPSktW5V2U
    45. 

  45.     IWyxsNP3sADchWIGq9p5D3Y/loyIMsS1dj+TjoQZOKSj7CuRT98+8yhGAY8YBEXu
    46. 

  46.     9r3I9o6mDkuPpAljuMc8r09Im6az2egtK/szKt4Hy1bpSSBZU4W/XR7XwQNywmb3
    47. 

  47.     wxjmYT6Od3Mwj0jtzc3gQiH8hcEy3+BO+NNmyzFVyIwOLziwjmEcw62S57wYKUVn
    48. 

  48.     HD2nglMsQa8Ve0e6ABBMEY7zGEGStva59rfgeh0jUMJiccGiUDTMs0tdkC6knYKb
    49. 

  49.     u/fdRqNYFoNuDcSeLEw4DdCuP01l2W4yY+fiK6hAcL25amjzc+yYo9eaaqTn6RAT
    50. 

  50.     bzdhHQZdpAMxY+vNT0+NhP1Zo5gYBMR65Zp/VhFsf67ijb03FUtdw9N8dHwiR2m8
    51. 

  51.     vVA8kO/gCD6wS2p9RdXqrJ9JhnHYWjiVuXR+f755ZAndyQfRtowMdQIoiXuJEXYw
    52. 

  52.     6XN+/BX81gJaynJYc0uw0MnxWQX+A5m8HqEsbIFUXBYXPgbwXTm7c4IHGgXXdwAR
    53. 

  53.     AQABiQIlBBgBAgAPBQJTteZjAhsMBQkHhh+AAAoJENVw8tNOoHk91rcQAIhxLv4g
    54. 

  54.     duF/J1Cyf6Wixz4rqslBQ7DgNztdIUMjCThg3eB6pvIzY5d3DNROmwU5JvGP1rEw
    55. 

  55.     hNiJhgBDFaB0J/y28uSci+orhKDTHb/cn30IxfuAuqrv9dujvmlgM7JUswOtLZhs
    56. 

  56.     5FYGa6v1RORRWhUx2PQsF6ORg22QAaagc7OlaO3BXBoiE/FWsnEQCUsc7GnnPqi7
    57. 

  57.     um45OJl/pJntsBUKvivEU20fj7j1UpjmeWz56NcjXoKtEvGh99gM5W2nSMLE3aPw
    58. 

  58.     vcKhS4yRyLjOe19NfYbtID8m8oshUDji0XjQ1z5NdGcf2V1YNGHU5xyK6zwyGxgV
    59. 

  59.     xZqaWnbhDTu1UnYBna8BiUobkuqclb4T9k2WjbrUSmTwKixokCOirFDZvqISkgmN
    60. 

  60.     r6/g3w2TRi11/LtbUciF0FN2pd7rj5mWrOBPEFYJmrB6SQeswWNhr5RIsXrQd/Ho
    61. 

  61.     zvNm0HnUNEe6w5YBfA6sXQy8B0Zs6pcgLogkFB15TuHIIIpxIsVRv5z8SlEnB7HQ
    62. 

  62.     Io9hZT58yjhekJuzVQB9loU0C/W0lzci/pXTt6fd9puYQe1DG37pSifRG6kfHxrR
    63. 

  63.     if6nRyrfdTlawqbqdkoqFDmEybAM9/hv3BqriGahGGH/hgplNQbYoXfNwYMYaHuB
    64. 

  64.     aSkJvrOQW8bpuAzgVyd7TyNFv+t1kLlfaRYJ
    65. 

  65.     =wBTJ
    66. 

  66.     -----END PGP PUBLIC KEY BLOCK-----
    67. 

  67. 

  68. The SaltStack Security Team is available at security@saltstack.com for
    69. 

  69. security-related bug reports or questions.
    70. 

  70. 

  71. We request the disclosure of any security-related bugs or issues be reported
    72. 

  72. non-publicly until such time as the issue can be resolved and a security-fix
    73. 

  73. release can be prepared. At that time we will release the fix and make a public
    74. 

  74. announcement with upgrade instructions and download locations.
    75. 

  75. 

  76. Security response procedure
    77. 

  77. ===========================
    78. 

  78. 

  79. SaltStack takes security and the trust of our customers and users very
    80. 

  80. seriously. Our disclosure policy is intended to resolve security issues as
    81. 

  81. quickly and safely as is possible.
    82. 

  82. 

  83. 1.  A security report sent to security@saltstack.com is assigned to a team
    84. 

  84.     member. This person is the primary contact for questions and will
    85. 

  85.     coordinate the fix, release, and announcement.
    86. 

  86. 

  87. 2.  The reported issue is reproduced and confirmed. A list of affected projects
    88. 

  88.     and releases is made.
    89. 

  89. 

  90. 3.  Fixes are implemented for all affected projects and releases that are
    91. 

  91.     actively supported. Back-ports of the fix are made to any old releases that
    92. 

  92.     are actively supported.
    93. 

  93. 

  94. 4.  Packagers are notified via the `salt-packagers`_ mailing list that an issue
    95. 

  95.     was reported and resolved, and that an announcement is incoming.
    96. 

  96. 

  97. 5.  A new release is created and pushed to all affected repositories. The
    98. 

  98.     release documentation provides a full description of the issue, plus any
    99. 

  99.     upgrade instructions or other relevant details.
    100. 

  100. 

  101. 6.  An announcement is made to the `salt-users`_ and `salt-announce`_ mailing
    102. 

  102.     lists. The announcement contains a description of the issue and a link to
    103. 

  103.     the full release documentation and download locations.
    104. 

  104. 

  105. Receiving security announcements
    106. 

  106. ================================
    107. 

  107. 

  108. The fastest place to receive security announcements is via the `salt-announce`_
    109. 

  109. mailing list. This list is low-traffic.
    110.