2023-09-30 17:58:04 +00:00
|
|
|
# Security related communications
|
|
|
|
|
2023-10-05 02:08:09 +00:00
|
|
|
[Go back to main contact page](./index.md){ .md-button }
|
2023-09-30 17:58:04 +00:00
|
|
|
|
|
|
|
---
|
|
|
|
|
2023-10-05 02:08:09 +00:00
|
|
|
Please consult [my general security policy](../security.md) and any project
|
|
|
|
or org/project-specific policies (via its own `SECURITY.md` file) before proceeding here.
|
|
|
|
Otherwise, you'll be ignored at best or blocked/muted and reported as spam at worst.
|
2023-09-30 17:58:04 +00:00
|
|
|
|
2024-07-26 19:44:43 +00:00
|
|
|
## Looking for PGP and SSH keys?
|
2023-09-30 17:58:04 +00:00
|
|
|
|
2024-07-26 19:44:43 +00:00
|
|
|
If you're looking for my PGP and SSH keys I use in commits and connecting to machines and code forges
|
|
|
|
over SSH, please [visit this page](../keys/index.md).
|
|
|
|
|
|
|
|
## Security questions
|
|
|
|
|
|
|
|
I am not a cybersecurity person or have expertise in cryptography, so sorry if I can't reply to you.
|
|
|
|
I may redirect you to resources or give advice as my capacity allow.
|
2023-09-30 17:58:04 +00:00
|
|
|
|
2023-10-05 02:08:09 +00:00
|
|
|
## Submitting security patches
|
|
|
|
|
2024-07-26 19:44:43 +00:00
|
|
|
If you also want to submit a security patch, which I appreciate your effort as a maintainer, please DO NOT mention about the vulnerability
|
|
|
|
within the patch (unless via these methods below).
|
2023-10-05 02:08:09 +00:00
|
|
|
|
|
|
|
### via email
|
|
|
|
|
|
|
|
Please send security patches at [`~ajhalili2006/security@lists.sr.ht`](mailto:~ajhalili2006/security@lists.sr.ht)
|
2023-12-16 17:07:22 +00:00
|
|
|
instead of the public inbox if you using email to submit patches. Access to the mailing list
|
|
|
|
archives is limited to few trusted people alongside myself.
|
|
|
|
|
|
|
|
### as confidential GitLab merge request
|
|
|
|
|
2024-07-26 19:44:43 +00:00
|
|
|
When submitting a security-sensitive patch in GitLab, don't forget to mark it as
|
2023-12-16 17:07:22 +00:00
|
|
|
confidential merge request or request to access to security patches-only private fork.
|
|
|
|
[See GitLab Docs for details](https://docs.gitlab.com/ee/user/project/merge_requests/confidential.html).
|
2023-10-05 02:08:09 +00:00
|
|
|
|
2024-07-26 19:44:43 +00:00
|
|
|
### in GitHub private vulnerability reports
|
|
|
|
|
|
|
|
On projects with private vulnerability reporting enabled, after submitting your report,
|
|
|
|
you can push your patches to a private fork specific to that report.
|
|
|
|
|
|
|
|
## Notifying regarding data leaks
|
|
|
|
|
|
|
|
|
|
|
|
|
2023-10-05 02:08:09 +00:00
|
|
|
## See also
|
|
|
|
|
|
|
|
* [Encrypted Communications](../user-manual/encrypted-communications.md) for additional guidance
|
|
|
|
regarding using PGP and EE2E chat over Matrix
|