From e70d909e04cd7345f7071847d443c191c4178594 Mon Sep 17 00:00:00 2001 From: "Gang(Jimmy) Wei" <11015100@qq.com> Date: Mon, 30 Nov 2020 22:42:20 +0800 Subject: [PATCH] =?UTF-8?q?=E5=88=B7=E6=96=B0=E6=BC=8F=E6=B4=9E=E5=A4=84?= =?UTF-8?q?=E7=90=86readme=20=E6=9B=B4=E6=96=B0=E6=BC=8F=E6=B4=9E=E6=8A=A5?= =?UTF-8?q?=E5=91=8A=E9=82=AE=E7=AE=B1=E4=B8=BAopeneuler-security@openeule?= =?UTF-8?q?r.org=EF=BC=8C=E5=B9=B6=E5=A2=9E=E5=8A=A0pgp=E5=85=AC=E9=92=A5?= =?UTF-8?q?=E3=80=82=20=E5=B0=86GPG=E5=85=AC=E9=92=A5=E7=BA=A0=E6=AD=A3?= =?UTF-8?q?=E4=B8=BAPGP=E5=85=AC=E9=92=A5=E3=80=82=20=E8=A1=A5=E9=BD=90?= =?UTF-8?q?=E5=AE=89=E5=85=A8=E5=A7=94=E5=91=98=E5=AE=9E=E9=99=85=E4=BA=BA?= =?UTF-8?q?=E5=91=98=E6=B8=85=E5=8D=95=E3=80=82=20=E7=BB=9F=E4=B8=80?= =?UTF-8?q?=E6=B8=85=E5=8D=95=E6=A0=BC=E5=BC=8F=E3=80=82=20=E7=BA=A0?= =?UTF-8?q?=E6=AD=A3liujingang=E5=9C=A8en=E7=89=88readme=E4=B8=AD=E7=9A=84?= =?UTF-8?q?=E6=8B=BC=E5=86=99=E9=94=99=E8=AF=AF=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../public_key_openeuler_security.asc | 55 +++++++++++++++++++ .../public_key_weigang.asc | 41 ++++++++++++++ .../vulnerability-reporting/README.md | 11 ++-- .../vulnerability-reporting/README.md | 14 +++-- 4 files changed, 113 insertions(+), 8 deletions(-) create mode 100644 web-ui/docs/.vuepress/public/vulnerability-reporting/public_key_openeuler_security.asc create mode 100644 web-ui/docs/.vuepress/public/vulnerability-reporting/public_key_weigang.asc diff --git a/web-ui/docs/.vuepress/public/vulnerability-reporting/public_key_openeuler_security.asc b/web-ui/docs/.vuepress/public/vulnerability-reporting/public_key_openeuler_security.asc new file mode 100644 index 00000000..97a0d9bf --- /dev/null +++ b/web-ui/docs/.vuepress/public/vulnerability-reporting/public_key_openeuler_security.asc @@ -0,0 +1,55 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: Keybase OpenPGP v1.0.0 +Comment: https://keybase.io/crypto + +xsBNBF/EUBgBCADIotctW6ggGfmJaYg4td3+gMFNlNLMNT0Q6xxk0siLlrnjX1zK +q3H6F+/MRCVnzZymSt0q3Bgdn4djtcHmzmZaaCv0EH/d0B4Xhtb+jwfUOVy3buM/ +W+C3HS4lnaHAAa1r7JCIgpnvCEC+7l7VEGGPOleL9QByHdLbLcbNxW95VbZOZQ0M +RC1tOCInSPdW5IWGhkEghke21mx9KPMMuiPngW5drhKCHL3Uf8w+4qOcnouAQecO +zMnlOKIjvUEkZ06Cq8r9fKkvfC/YaM8RhpGex3L8OZrMYvphSa1b8k7kfCAaABLl +Alv/ERTfvd5h+eQsV39rJaFZ+rcWYzwtMCxPABEBAAHNNW9wZW5ldWxlci1zZWN1 +cml0eSA8b3BlbmV1bGVyLXNlY3VyaXR5QG9wZW5ldWxlci5vcmc+wsBtBBMBCgAX +BQJfxFAYAhsvAwsJBwMVCggCHgECF4AACgkQzk1FIbnp2ymLnggAlyLd6MFpTsVl +eQpUjdN88dgUcHc5THc1+YWQpZpk2GDTQEyj3DjqR5v1QjKmgFXe8CazIpx91fLV +BmXhZgg7F5I8+JzB75gyuGMbv1XnOQY2+R0+cG4ixQwHY9wjjpAnW3mBicQnJ/YX +jpIcN3N9AKZ6XCSYeGfJODMQ2MV+GmB4mpgbKeGBzBMu4v0dkJ+UNEZVUerVMIsm +WouWa3+3i6uYsjyWmDZnirGq4LPCwmkFi3jX6k1l4pk+eM44/Q+JknqMIYyfI92I +/3y29xnfpJTLNFnqi58vSPJlSbzj97sVh95iKU+IfGj8nCK85FP4ot7ifmLAaedq +naRjfsNsZc7ATQRfxFAYAQgAtLdTt990EyDMsau1sg0XIa3OAlICxFtSXhAhF1hm +VLRHXZwyLeJ4UUrPlSUGasvkGSXu5nkvEIQiwMmGmuvBuEAwcCJsZTXBzHW/4RL/ +2Wzjvd8DoLOPfsQvKoW7DX281XxKEHFQpq+MfexHaaY4xfxcf+vFhZVFliyXTvjg +EOqtVqYmgMtN3Cq5WYP+2/NRuwt7zNWfpPucNNR38eCZ+hb0Qt0bcZ/dlXiFgd1Y +P1j1vlldFCNfYPuP90uHjUNhcC80ph0a52ksK+XCbwlrWRHXEu0ZeQJipzJftg9B +lakpc/c+hgK+w7cA2asLXKflBT6uJwxTQJkDGPglSOguRQARAQABwsGEBBgBCgAP +BQJfxFAYBQkPCZwAAhsuASkJEM5NRSG56dspwF0gBBkBCgAGBQJfxFAYAAoJEPpF +ntMnKa9qnvoH/2U1f9exNAQws7pLUtm068Ul5XznVH2AsJTwYA9vAQungdvQOD2B +fjYahmxwiP9TCZXkkHVn1l036zsf6Fz6Er9EUi13kB9uJUSzxOCG9d57LBA+uv6U +fZRLjpbherVjCGbdDHskV7x+6GXzmCkwvcAkVGxNR7wee1dOYaTctyj0sNZx5fOM +Vf/OPWh8Ydx26YKczCExNNjEy6LaBHafjscHUz85aWtsQlQsG+fTSqWdo1o0+FtF +9hHgSDbAP78jMe5k1TBJGVU2M0t389cCp4CCZXBH6Dk2KMSbj5oS9BI6R4SLwdl+ +fFsMUYVHEIacYHgdJjV4zNte+3OYz5CWsSllJwf+LgqyzPHy1rTbrisKro1jHRbc +WHGl/4wAriPThzFYsGb1EYVYOPsCRlGhGADzdLoh/9FQRCUYrkTJlX36O/cCW8UQ +QjXkDzb+sLcwHdtISdgb+Xh2qg/irn7NYGyzOuxXRJ4vQMNWgsqUumCkEiR1Rg4b +ieBzP1d7MIIjJ7oIb12IMLTNm479GgJnZlR8y87lWrE0LQAdxJamMDWGBkQBqSKM +orsZxOhKIDPBm6ddhy6OViy2YAN8rPY/xTWK4mmfFhhl3JJJtcKfxIPgp35sFHUV +enYfqcncSD+++zg5tm6MOD5Ibey/hZ6wCb+YiRafv09tCZ0Qi4wrZtcEz4+rgs7A +TQRfxFAYAQgAz85zznqVzPBmDToLzwk9nMR4bys4ME4QkNuvXovIpZhzgQ7qaTsC +s1mjUcoChX6jCmz0Z39PLgSrMFSMyjdPmVNP97cGyxPmlWqMbOfVfTwYOrT10V0o +0aHwbwLtSTxwCSfmTiphTvPh2oNrfH1MckYlEuYV5KETV7/MPmDstNqBYcB8yiHB +1y+PcotqeImcGxrL/+0Qf93aw1ysjmGEUaiG6Vx+PTAPaAQQoN0FTofZ137BapUc +cmp1t8dZTq8XkobJk39QWt5ohvnBPhZOCei+cEJoUA/doWQWaAdtYkWB2rJ4HuYt +wJef+5NvjY0SR3AOb8ljkk/5EZS3Uf1nAQARAQABwsGEBBgBCgAPBQJfxFAYBQkP +CZwAAhsuASkJEM5NRSG56dspwF0gBBkBCgAGBQJfxFAYAAoJEMzpT5rs4Tna7f0I +AJu4N7mqkTKVKUr39wm0Ux0oZkbIhlssvImYzFrzVqGH6Kls/xTw/tS08U2Dba7n +hzjdvL1cRD1O2j4nag3FeUO/8WgMI7Tl4WvPksxhA4iv7fwCNGylM32O7DF57B3i +idKod6XS1fvgi7AFgmA2iikXXKhM9pXlq55WCvwX0IUEKdfsgE3Xykn6ynWmiOaJ +fCK2XAccMU3AZpSxTtq5cRycI6NQRuWLpx/SQWCGrYue1HjbaXFLSQFSlHoNyg4u +Pl4kJLGcpOgK8ZjGpdjnY1p6Gmxq6qrQuLDCmkds/tkRmLFZ1WY0Q0/ocXkV18u3 +1dLRSRJtqMH9m4aVrs8ynzQSPwf/ZpqAV1gmAn/TMm0D27DnlNSB89pTls4snZWY +TIpjIvsYuOFc6S5zZhWet4QYcong8Daa1qEP4sKs6Wknex1ghoxjyrnJPxMs+tmk +/TOQQZBt5zbcQwfaqITI7XUOkYYK2dgkZIFHE2kErlTvh4xpNyqn33u1dgqFhmQS +X49b9G9SxQKQ1I/4a1Nftk2dXsx/1JM1JYNhEEp64DJru+vGztGNjjMpy7PN3Yhh +WzFz1eha3jsM3BsCaQYvASXouWXFW+vCdifIyUoK405HMqzRoJOqv3EbCra5WXBd +hoKgCBXcbLrYmBNrOFiHyI43/LlAhys3dO4X6aPWliDVTVqC1Q== +=HLPu +-----END PGP PUBLIC KEY BLOCK----- diff --git a/web-ui/docs/.vuepress/public/vulnerability-reporting/public_key_weigang.asc b/web-ui/docs/.vuepress/public/vulnerability-reporting/public_key_weigang.asc new file mode 100644 index 00000000..5c19813d --- /dev/null +++ b/web-ui/docs/.vuepress/public/vulnerability-reporting/public_key_weigang.asc @@ -0,0 +1,41 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGNBF/Cj7gBDACtLHxhGCdFXgDFZVTEwguyTHvAQVQBuNBRLDYdBQ7glTSCXh7e +kuWasgeEuwlCzwMfMZlHAM6Wxspf+23rFPhVvBAgLEQ0sTkOtzwOzBC84Az8rBis +GYN04t6mnFx285sNob5v1IXTFX9PWgcqORB4NTtlF2xeEbvcWWBrv+V9gouwlcSY +XX6lXTTlGp5LVm5qfFcyB/JqGkTAXXSRCTiaREpmNjzAS94Fis9wVJhQ4NZMOw4O +a33PicPLNv4lczFQeHpJoUuitcp/Q9b1tF86DY1ODwrCXewR17n5GI/IvINYubqO +PsOT67btTB+Uu7oxGg+M1Dq9qO9r3egcOO9lgpSohqKLr1kYA9y5dLaod7uiKS0D +8iEvVQpJD9bNTXZapxPps+HPjt8Y9xKj8czLPvlSuk1rHwnKamgfydl7QvXoCNnA +9HbsloT4gqme0mWIzpoHlHnsuyJMCLpFiWvl5XuqqwNkdsO20KFY3mD0Jkn13or9 +XEVJ5PxPjrCV3mMAEQEAAbQhR2FuZyhKaW1teSkgV2VpIDwxMTAxNTEwMEBxcS5j +b20+iQHUBBMBCgA+FiEEYAgOin9/2EC89DMhLc+x8jVEWYQFAl/Cj7gCGwMFCQHh +M4AFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQLc+x8jVEWYQVVgv7B0ijkiy0 +NviUMHr89r5hhXIU7X7l7gi4AlzWd3KFP8ey+aw6btA0qq9miTApt6HVH24xQUVN +cKqcvRnvVR8g8OCTQgmQJYr/JD7VRbwL0bGh+/lUR1LBUlVGoLaSD6wNwjTTdfzK +w3PXwDJgKMCdMAJXQ48qGCyz5ISN4XuqN4I0jQBjmcQt2OF5uBoIH8pPtlXb3l0q +0L6Zsl4UlbDUd8+4yt+iDqU9Zh4YvCHPHILp5oSnLzzDkE9odCR4PWJe5Z9un6nT +H2Y8OYe8pYWRizA/i+4+j7UrRD3AkMwRp+xL1cfzHDR6Q8JzR/HFHXBVHsPnBkar +qmx8gEVfpJC+HRLv+w/rKiK8hsNduNOBwYxCYinpSbYLv57djkCPXuKeDVCVlgiP +fvFLdHDXq3O3EP8s6+gn7Ecyk9mtO4Joq+gqebpgdY47n+k7aufiU1dJldqE54Vf +Gkxkh9xf0cPHKK/f/trxV1ANOWJX6/Wx6uiDHI/WeT9Ymuv31FkL84tIuQGNBF/C +j7gBDADWp5M+Qwig911EYl5HXYGL4d7GJQ+L/jRGcx16BNZTq3pF4JxcEN1tyL4b +ttlCzBLbFS6vJfWq9PGfnHWpPVxMfDnRqEIo136ho4pBOP2w6EBBjetRbDsfkDA5 +26gFq/4eePK4Iwc2F3nPyWzQyTc2fb/Jejv/n5hTRCoUwyhPB+fyK6LzKr1DK2XV +7J0JZ83arSn5BMTCEGV96Qj5cIHttnGmGIt9rTM8Kn4GhsDb3ANivxs8SsAwudR2 +tjR4e7Xv5yWoDd8yzCHQhcI//2CE3ILg6GhQF55/gxwK9g+eDXsL+uI0cWfSiFcC +2cN9/WZ5W4RgJWh0QU/0uJzeebUgQBi8FGp2He1yit+OKXsgrvF6ZYw4+Njoi83d +eEE6DejBO6eWyDQRw2q/PpCZ7xUiSa0RnGwLZ40KpiSERiHBqxY18jRb4Z7OeCht +PCKR40ZzhDAlhByuSAbH3rVXRp+0DmrwBDKmamJUIxxiCwSZSAoOKnsBZGdfPOI5 +WpmnieEAEQEAAYkBvAQYAQoAJhYhBGAIDop/f9hAvPQzIS3PsfI1RFmEBQJfwo+4 +AhsMBQkB4TOAAAoJEC3PsfI1RFmEspUMAIJ7ORvB6YIFyGSVaKAuOoP6cKyk/l++ +UEterzi/j8QVGP7DZyuVHT+bidu3TcXuPSOX79TCzSh0r/CXqyrRF3oliJ/FsvHj +xcL9R02tUY9KhhOJ15UdvCxmsLjS8KqqiS2m806ke26i3qzNjNjVPKHfbTowMmCM +aQMXyBJearrQnnkBafX9NeRHRexbP/Rl1URVmX209H9U1/yLPQ38naTwgWPkmsVA +l9zG6ODQm6qe97rSfTVe6SjZwT9O2h1ihfvZ9bRXJEYknr2akjUcn7poCWNRzOqB +Fm5yRItx0Fnn6PKLFvjPCWYsiBZOnIcOgo7xMKBKw7WuxUzg/75c4TUeZOjF/SNj +vhzKW91I1Z/Pxw+wW3d8g+QXqy7/dkjiRtXRxGZp3d2dQn01xA+8LllcoiQL3nBQ +sTLpL4upv3wIqJrEig1CCu3jV/xCLZ2scX1BZF5F1Nuxrg4u98m+IASZyelI3n+l +8gNJatLN+S7o+tEY674IFESZaN9/NLT6pA== +=AS9I +-----END PGP PUBLIC KEY BLOCK----- diff --git a/web-ui/docs/en/security/vulnerability-reporting/README.md b/web-ui/docs/en/security/vulnerability-reporting/README.md index fc35bc94..37c87ee6 100644 --- a/web-ui/docs/en/security/vulnerability-reporting/README.md +++ b/web-ui/docs/en/security/vulnerability-reporting/README.md @@ -28,13 +28,16 @@ We hope that you can report the potential vulnerability of an openEuler product ### Reporting Channel -You can send the potential security vulnerabilities of an openEuler product to the e-mail of the openEuler security team (). Given that the vulnerability information is sensitive, you are advised to use the public GPG key of the security team to encrypt the e-mail. +You can send the potential security vulnerabilities of an openEuler product to the e-mail of the openEuler security team (). Given that the vulnerability information is sensitive, you are advised to use the public PGP key of the security team to encrypt the e-mail. The information of the security team members is described as follows: -+ Liu Jinggang [@ liujinggang09], , public GPG key ++ Liu Jingang [@liujingang09], , public PGP key + Yang Li [@yangli69393], -+ Yan Xiaobing [@yanxiaobing2020], , public GPG key -+ Zhu Jianwei @ zhujianwei001, , public GPG key ++ Yan Xiaobing [@yanxiaobing2020], , public PGP key ++ Zhu Jianwei [@zhujianwei001], , public PGP key ++ Wei Gang [@gwei3], <11015100@qq.com>, public PGP key ++ Guo Xiaoqi [@guoxiaoqi], ++ Yang Lijin [@jinjin], ### Reporting Content To quickly identify and verify suspected vulnerabilities, the reporting e-mail should include but is not limited to the following content: diff --git a/web-ui/docs/zh/security/vulnerability-reporting/README.md b/web-ui/docs/zh/security/vulnerability-reporting/README.md index 1670b7b8..79f13a89 100644 --- a/web-ui/docs/zh/security/vulnerability-reporting/README.md +++ b/web-ui/docs/zh/security/vulnerability-reporting/README.md @@ -26,16 +26,22 @@ openEuler社区非常重视社区版本的安全性,openEuler安全委员会 如果您认为openEuler产品存在一个疑似安全漏洞,我们希望您将漏洞上报给openEuler社区,并与我们配合以负责任的方式修复和披露该问题。 ### 漏洞上报方式 -您可以通过email将openEuler产品的潜在安全漏洞发送到openEuler安全团队邮箱()。因为漏洞信息比较敏感,建议您使用安全团队邮箱GPG公钥对邮件信息进行加密。 +您可以通过email将openEuler产品的潜在安全漏洞发送到openEuler安全团队邮箱()。因为漏洞信息比较敏感,建议您使用安全团队邮箱PGP公钥对邮件信息进行加密。 安全团队成员信息如下: -+ 刘金刚@liujingang09,, GPG公钥。 ++ 刘金刚[@liujingang09],, PGP公钥。 + 杨丽[@yangli69393],。 -+ 颜小兵[@yanxiaobing2020],, GPG公钥。 ++ 颜小兵[@yanxiaobing2020],, PGP公钥。 -+ 朱健伟@zhujianwei001,, GPG公钥。 ++ 朱健伟[@zhujianwei001],, PGP公钥。 + ++ 魏刚[@gwei3],<11015100@qq.com>, PGP公钥。 + ++ 郭晓琪[@guoxiaoqi],。 + ++ 杨丽锦[@jinjin],。 ### 漏洞上报内容 为了便于快速的确认和验证疑似漏洞,请在漏洞上报邮件中包含但不限于以下内容: -- Gitee