From 4df252c26b395fc86b53d6565fc25342be3a0a58 Mon Sep 17 00:00:00 2001 From: axelsimon Date: Thu, 23 Jul 2020 20:07:37 +0100 Subject: [PATCH] Move vuln disclosure RFC to PROPOSED - Final tweaks and typo corrections - Move vuln disclosure RFC directory to root of RFC directory (we have done away with the "concepts" etc. directories) --- .../README.md | 29 ++++++++++--------- 1 file changed, 15 insertions(+), 14 deletions(-) rename concepts/Vulnerability_disclosure_and_embargo_policy/00004-Vulnerability_disclosure_and_embargo_policy.md => 00002-vulnerability-disclosure-and-embargo-policy/README.md (94%) diff --git a/concepts/Vulnerability_disclosure_and_embargo_policy/00004-Vulnerability_disclosure_and_embargo_policy.md b/00002-vulnerability-disclosure-and-embargo-policy/README.md similarity index 94% rename from concepts/Vulnerability_disclosure_and_embargo_policy/00004-Vulnerability_disclosure_and_embargo_policy.md rename to 00002-vulnerability-disclosure-and-embargo-policy/README.md index 93ce4cb9..8c389611 100644 --- a/concepts/Vulnerability_disclosure_and_embargo_policy/00004-Vulnerability_disclosure_and_embargo_policy.md +++ b/00002-vulnerability-disclosure-and-embargo-policy/README.md @@ -1,10 +1,10 @@ -# RFC00004: Vulnerability Disclosure and Embargo Policy +# 00002: Vulnerability Disclosure and Embargo Policy - Authors: [axel simon](github@axelsimon.net) - Status: [PROPOSED](/README.md#proposed) - Since: 2020-03-10 -- Status Note: under discussion +- Status Note: ready to be trialed - Supersedes: N/A -- Start Date: 2020-03-03 (date you started working on this idea) +- Start Date: 2020-03-03 - Tags: security, infrastructure ## Summary 
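Review bot: the heading change from `# RFC00004: Vulnerability Disclosure and Embargo Policy` to `# 00002: Vulnerability Disclosure and Embargo Policy` both renumbers the RFC and drops the `RFC` prefix, yet the commit message only describes the directory move and typo fixes; state the renumbering there, confirm `00002` is not already used by another RFC, and check that the new heading form matches the other RFCs now living in the root directory. Note also that `Status: [PROPOSED](/README.md#proposed)` is unchanged context, so the subject's "Move ... to PROPOSED" is carried only by the `Status Note` change to `ready to be trialed`; that link is root-relative and survives the move from `concepts/...`, but any relative links elsewhere in the 94%-similar file are not visible in this hunk and should be verified after the rename.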
@@ -42,7 +42,7 @@ In other words: ## Tutorial This RFC aims to provide a set of documents (ex. wiki pages) that describe the -Enarx vulnerability disclosure policy - including the use of embargos - and +Enarx vulnerability disclosure policy - including the use of embargoes - and the list of security advisories and fixes. The two pages are "Vulnerability Reporting and Embargo Policy" and "Enarx @@ -238,14 +238,15 @@ We could offer further official channels for secure communication and disclosure. Some ideas are: -- Github: work with Github on security issues reporting (WIP) -- Use RocketChat, our current [chat platform](https://chat.enarx.dev) RocketChat's capacity for with end-to-end - encryptted conversations. -- [Keybase](https://keybase.io/encrypt) messaging -- [Signal](https://signal.org): raises question which account (ie: phone number) -- A OMEMO or OTR enabled Jabber / XMPP account (OMEMO offering the advantage - of allowing to establish a secure channel without both participants being - online) +- Github: work with Github on security issues reporting (WIP). +- Use RocketChat, our current [chat platform](https://chat.enarx.dev), in + particular its capacity for end-to-end encrypted conversations. +- [Keybase](https://keybase.io/encrypt) messaging. +- [Signal](https://signal.org): raises question which account (ie: currently, + an associated phone number). +- A [OMEMO](https://conversations.im/omemo/) or OTR enabled Jabber / XMPP + account (OMEMO offering the advantage of allowing to establish a secure + channel without both participants being online). - [Secure Drop](https://securedrop.org/) (initially designed for as a way to - share and accept documents securely for news organisations, likely overkill) -- A simpler drop box over HTTPS + share and accept documents securely for news organisations, likely overkill). +- A simpler drop box over HTTPS.
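Review bot: the unchanged context line `- [Secure Drop](https://securedrop.org/) (initially designed for as a way to` still carries a stray `for` (`designed as a way to`); since the hunk already edits the line right after it, fix it here rather than in another typo pass. Two smaller style points in the same list: `- A [OMEMO](https://conversations.im/omemo/) or OTR enabled Jabber / XMPP` reads better as `An OMEMO- or OTR-enabled`, and `Github` in the first item should be `GitHub` to match the link target. The Signal item now reads `raises question which account (ie: currently, an associated phone number)`; if the concern is that a phone number exposes a maintainer's identity or gives reporters no anonymous option, say so explicitly, because the line only poses the question.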