This repository has been archived by the owner on Dec 3, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #28 from docker/docs-add-security-file
docs: move security reporting instructions
- Loading branch information
Showing
3 changed files
with
11 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,2 @@ | ||
| * @docker/supply-chain-security | ||
| * @docker/signing | ||
| targets/doi/ @docker/doi @docker/signing |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -23,10 +23,6 @@ The process used to establish Docker's production TUF root is documented in [CER | |
| | James Carnegie | [kipz](https://github.com/kipz) | Targets, Delegated Targets (DOI) | [28751259](./ceremony/2024-06-04/keys/28751259/) | | ||
| | Jonny Stoten | [jonnystoten](https://github.com/jonnystoten) | Targets, Delegated Targets (DOI) | [28751258](./ceremony/2024-06-04/keys/28751258/) | | ||
|
|
||
| ## Reporting security issues | ||
| ## Security reporting | ||
|
|
||
| Docker's TUF maintainers take security seriously. If you discover a security issue, please bring it to their attention right away! | ||
|
|
||
| Please **DO NOT** file a public issue, instead send your report privately to [[email protected]](mailto:[email protected]). | ||
|
|
||
| Security reports are greatly appreciated and we will publicly thank you for it, although we keep your name confidential if you request it. We also like to send gifts—if you're into schwag, make sure to let us know. We currently do not offer a paid security bounty program, but are not ruling it out in the future. | ||
| If you have any security concerns please follow [SECURITY.md](./SECURITY.md) | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| ## Reporting security issues | ||
|
|
||
| Docker's TUF maintainers take security seriously. If you discover a security issue, please bring it to their attention right away! | ||
|
|
||
| Please **DO NOT** file a public issue, instead send your report privately to [[email protected]](mailto:[email protected]). | ||
|
|
||
| Security reports are greatly appreciated and we will publicly thank you for it, although we keep your name confidential if you request it. We also like to send gifts—if you're into schwag, make sure to let us know. We currently do not offer a paid security bounty program, but are not ruling it out in the future. |