redis-doc icon indicating copy to clipboard operation
redis-doc copied to clipboard

Published 20 hours ago verified publisher icon redis

Formally specify how to issue a security report

Open banker opened this issue 3 years ago • 5 comments

Current text reads:

"For security-related contacts, open an issue on GitHub, or when you feel it is really important to preserve the security of the communication, use the GPG key at the end of this document."

Can we confirm that this is the official process?

banker avatar Jan 31 '22 23:01 banker

More or less yeah, we also have more information here: https://github.com/redis/redis/security/policy. Seems like they should be merged a bit since we don't have the GPG key linked from the policy.

madolson avatar Feb 01 '22 01:02 madolson

I believe we do have that key somewhere - @yossigo please confirm.

itamarhaber avatar Feb 01 '22 16:02 itamarhaber

@itamarhaber We do, you should as well.

yossigo avatar Feb 01 '22 18:02 yossigo

Got it.

itamarhaber avatar Feb 02 '22 16:02 itamarhaber

Thanks, @madolson, @yossigo, and @itamarhaber. I'll integrate this into the docs with a new PR.

banker avatar Feb 02 '22 18:02 banker

key is here https://redis.io/docs/management/security/ closing as complete, please re-open if needed

mich-elle-luna avatar Dec 26 '23 19:12 mich-elle-luna