website/markdown/contact/security.md


# Security-related communications
[Go back to main contact page](./index.md){ .md-button }

---

Please consult [my general security policy](../security.md) and any project
or org/project-specific policies (via its own `SECURITY.md` file) before proceeding here.
Otherwise, you'll be ignored at best or blocked/muted and reported as spam at worst.
## Looking for PGP and SSH keys?
If you're looking for the PGP and SSH keys I use in commits and for connecting to machines and code forges
over SSH, please [visit this page](../keys/index.md).
## Security questions
I am not a cybersecurity person, nor do I have expertise in cryptography, so sorry if I can't reply to you.
I may redirect you to resources or give advice as my capacity allows.
## Submitting security patches
If you also want to submit a security patch (I appreciate your effort, as a maintainer), please DO NOT mention the vulnerability
within the patch unless you submit it via one of the methods below.
### via email
Please send security patches to [`~ajhalili2006/security@lists.sr.ht`](mailto:~ajhalili2006/security@lists.sr.ht)
instead of the public inbox if you are using email to submit patches. Access to the mailing list
archives is limited to a few trusted people alongside myself.
### as confidential GitLab merge request
When submitting a security-sensitive patch in GitLab, don't forget to mark it as
a confidential merge request, or request access to the security-patches-only private fork.
[See GitLab Docs for details](https://docs.gitlab.com/ee/user/project/merge_requests/confidential.html).
### in GitHub private vulnerability reports
On projects with private vulnerability reporting enabled, after submitting your report,
you can push your patches to a private fork specific to that report.
## Notifying regarding data leaks
## See also
* [Encrypted Communications](../user-manual/encrypted-communications.md) for additional guidance
regarding using PGP and E2EE chat over Matrix