web: Add a separate Security page.
author Werner Koch <wk@gnupg.org>
Fri, 10 Jun 2016 13:59:07 +0000 (15:59 +0200)
committer Werner Koch <wk@gnupg.org>
Fri, 10 Jun 2016 14:14:20 +0000 (16:14 +0200)
Also change "Documentation" to "Support" in the main menu.

web/documentation/index.org
web/documentation/security.org [new file with mode: 0644]
web/index.org
web/service.org
web/share/gpgweb.el

index 66ff139..92194a4 100644 (file)
@@ -1,8 +1,8 @@
-#+TITLE: GnuPG - Documentation
+#+TITLE: GnuPG - Support
 #+STARTUP: showall
 #+SETUPFILE: "../share/setup.inc"
 
-* Documentation Sources
+* Documentation
 
   - [[file:howtos.org][HOWTOs]] :: Includes links to some HOWTOs available in several
               languages to get out the best from GnuPG.
   - [[file:faqs.org][FAQs]] :: Online version of the FAQs is now available. Please
             consult these FAQs before you ask on one of the mailing
             lists or report a bug.
+
+  - [[file:security.org][Security]] :: How to report security problems.
+
+  You may also notice that OpenPGP is a proposed Internet standard,
+  described by [[https://www.rfc-editor.org/rfc/rfc4880.txt][RFC-4880]].
+
+* Community support
+
   - [[file:mailing-lists.org][Mailing lists]] :: Describes the purposes of each mailing list
                      hosted on this server and gives instruction on
                      how to subscribe. Links to other GnuPG-related
   - [[https://wiki.gnupg.org][Wiki]] :: The official GnuPG Wiki contains community-maintained
             documentation for GnuPG and related software.
   - [[file:bts.org][BTS]] :: Before you report a bug, please consult the list of bugs.
-  - [[http://twitter.com/gnupg][@gnupg]] :: We sometimes post short messages to Twitter.
 
+* Other types of support
 
-  You may also notice that OpenPGP is a proposed Internet standard,
-  described by RFC4880 (found at [[http://www.rfc-editor.org/][RFC Editor]]).
+  - [[../service.org][Commercial support]] :: Listing of companies offering commercial
+       support for GnuPG
+
+  - [[http://twitter.com/gnupg][@gnupg]] :: We sometimes post short messages to Twitter.
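Review bot: the re-added Twitter entry at the end of this hunk still uses http://twitter.com/gnupg, while the same hunk moves the RFC link to https://www.rfc-editor.org/ and the web/index.org hunk moves the gnu.org links to https; switch this one to https as well. The new [[../service.org][Commercial support]] link also omits the file: prefix that the other local links in this list use (file:howtos.org, file:security.org); pick one form and use it throughout.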
diff --git a/web/documentation/security.org b/web/documentation/security.org
new file mode 100644 (file)
index 0000000..726497e
--- /dev/null
@@ -0,0 +1,29 @@
+#+TITLE: GnuPG - Security
+#+STARTUP: showall
+#+SETUPFILE: "../share/setup.inc"
+
+* Security
+
+The GnuPG Project takes the security of software it develops very
+seriously.  In general we prefer a [[https://en.wikipedia.org/wiki/Full_disclosure_%2528computer_security%2529][full disclosure]] approach and all
+bugs listed in our [[file:bts.org][bug tracker]] as well as code changes in our [[../download/cvs_access.org][software
+repository]] are public.  Given that GnuPG is an important part of many
+software distributions and severe bugs in GnuPG would affect their
+users directly, we co-ordinate with them in private as soon as we
+learn about a severe vulnerability.
+
+Sometimes we receive pre-notifications of research which may lead to a
+new kind of vulnerability.  In these cases we may work with the
+researchers in private on a solution and co-ordinate our fix release
+with them.
+
+** Security contact
+
+If you found a *severe* security problem and you do not want to
+publish it, please report it by mail to security at gnupg.org.
+
+Note that we do not use a team OpenPGP key.  Thus please write a
+non-encrypted message to the security address and ask for the keys of
+the developers at duty and then encrypt the mail to all of them.  A
+list of our core developers can be found [[../people/index.org][here]]; the are all active on
+the gnupg-devel mailing list.
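Review bot: the last paragraph under "Security contact" has a typo, "the are all active" should read "they are all active", and "developers at duty" reads better as "developers on duty". Because the first contact is a non-encrypted message, the text should say explicitly that this first mail carries only the request for keys and no vulnerability details. The full disclosure link contains %2528 and %2529; check that the exported page resolves to the intended Wikipedia article.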
index be1f366..3f0f422 100644 (file)
@@ -17,9 +17,9 @@ features for easy integration with other applications. A wealth of
 [[file:related_software/frontends.html][frontend applications]] and [[file:related_software/libraries.html][libraries]] are available. Version 2 of GnuPG
 also provides support for S/MIME and Secure Shell (ssh).
 
-GnuPG is [[http://www.gnu.org/philosophy/free-sw.html][Free Software]] (meaning that it respects your freedom). It can
+GnuPG is [[https://www.gnu.org/philosophy/free-sw.html][Free Software]] (meaning that it respects your freedom). It can
 be freely used, modified and distributed under the terms of the
-[[http://www.gnu.org/copyleft/gpl.html][GNU General Public License]] .
+[[https://www.gnu.org/copyleft/gpl.html][GNU General Public License]] .
 
 GnuPG comes in three flavours:
 
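Review bot: the changed line ending in "[GNU General Public License]] ." keeps the stray space before the full stop; drop it while the line is being touched anyway.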
index 181c9ca..1ec6de8 100644 (file)
@@ -2,7 +2,7 @@
 #+STARTUP: showall
 #+SETUPFILE: "share/setup.inc"
 
-* Support
+* Commercial support
 
 As part of the GNU project, GnuPG is community developed, and everyone
 is welcome to contribute under certain conditions. Some companies are
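Review bot: the heading becomes "Commercial support", but the menu entry for this page in web/share/gpgweb.el stays ("/service.html" "Service"); rename that label in the same commit so the menu, the page heading and the new "Commercial support" link in web/documentation/index.org agree.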
index f65684f..8d5e379 100644 (file)
@@ -76,6 +76,7 @@ if not available."
       ("/features.html"                    "Features")
       ("/news.html"                        "News")
       ("/people/index.html"                "People")
+      ("/documentation/sites.html"         "Sites")
       ("/service.html"                     "Service")))
     ("/donate/index.html"
      "Donate"
@@ -90,14 +91,14 @@ if not available."
       ("/download/mirrors.html"            "Mirrors")
       ("/download/cvs_access.html"         "GIT")))
     ("/documentation/index.html"
-     "Documentation"
+     "Support"
      (("/documentation/howtos.html"        "HOWTOs")
       ("/documentation/manuals.html"       "Manuals")
       ("/documentation/guides.html"        "Guides")
       ("/documentation/faqs.html"          "FAQs")
       ("/documentation/mailing-lists.html" "Mailing&nbsp;Lists")
-      ("/documentation/sites.html"         "Sites")
-      ("/documentation/bts.html"           "Bug&nbsp;Tracker")))
+      ("/documentation/bts.html"           "Bug&nbsp;Tracker")
+      ("/documentation/security.html"      "Security")))
     ("/related_software/index.html"
      "Related software"
      (("/related_software/frontends.html"  "Frontends")
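Review bot: the ("/documentation/sites.html" "Sites") entry is removed from this menu here and re-added to a different menu group in the previous hunk, which the commit message does not mention; it covers only the Security page and the "Support" rename. Mention the move in the message or split it into its own commit. The group label is now "Support" while every path under it stays in /documentation/, so a short comment in the menu definition noting that the URLs are kept stable on purpose would help the next editor.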