Page MenuHome GnuPG
Files F36623056

No OneTemporary
Actions

View Options

diff --git a/web/documentation/security.org b/web/documentation/security.org
index c724827..5924dc6 100644
--- a/web/documentation/security.org
+++ b/web/documentation/security.org
@@ -1,29 +1,32 @@
#+TITLE: GnuPG - Security
#+STARTUP: showall
#+SETUPFILE: "../share/setup.inc"
* Security
The GnuPG Project takes the security of software it develops very
seriously. In general we prefer a [[https://en.wikipedia.org/wiki/Full_disclosure_(computer_security)][full disclosure]] approach and all
bugs listed in our [[file:bts.org][bug tracker]] as well as code changes in our [[../download/git.org][software
repository]] are public. Given that GnuPG is an important part of many
software distributions and severe bugs in GnuPG would affect their
users directly, we co-ordinate with them in private as soon as we
learn about a severe vulnerability.
Sometimes we receive pre-notifications of research which may lead to a
new kind of vulnerability. In these cases we may work with the
researchers in private on a solution and co-ordinate our fix release
with them.
** Security contact
If you found a *severe* security problem and you do not want to
-publish it, please report it by mail to security at gnupg.org.
+publish it, please report it by mail to security at gnupg.org. We
+prefer reports in plain text format; if needed we can also work with
+PDF files. For security reasons we won't read any other complex data
+formats (e.g. docx or odt).
Note that we do not use a team OpenPGP key. Thus please write a
non-encrypted message to the security address and ask for the keys of
the developers at duty and then encrypt the mail to all of them. A
list of our core developers can be found [[../people/index.org][here]]; they are all active on
the gnupg-devel mailing list.

File Metadata

Mime Type
text/x-diff
Expires
Thu, Feb 26, 6:39 PM (14 h, 51 m)
Storage Engine
local-disk
Storage Format
Raw Data
Storage Handle
e3/7c/c01b6d6f9037619ae683284718c7

Event Timeline