From 3407cbbad13402f6af1c4dc15d001130267217ce Mon Sep 17 00:00:00 2001 From: Milan Broz Date: Wed, 23 Feb 2022 22:20:09 +0100 Subject: [PATCH] Add info about bug report to FAQ and add SECURITY.md file. --- FAQ.md | 14 ++++++++++++++ SECURITY.md | 10 ++++++++++ 2 files changed, 24 insertions(+) create mode 100644 SECURITY.md diff --git a/FAQ.md b/FAQ.md index 0848f56d..b34ea020 100644 --- a/FAQ.md +++ b/FAQ.md @@ -262,6 +262,20 @@ Also, device mapper requires root access. cryptsetup uses device mapper to manage the decrypted container. + * **1.12 How can I report an issue in the cryptsetup project?** + + Before reporting any issue, please be sure you are using the latest + upstream version and that you read the documentation (and this FAQ). + + If you think you have discovered an issue, please report it through + the project issue tracker [New issue](https://gitlab.com/cryptsetup/cryptsetup/issues). + For a possible security issue, please use the confidential checkbox. + + Please fill in all information requested in the report template + (specifically add debug output with all run environment data). + Do not trim the output; debug output does not include private data. + + # 2. Setup * **2.1 LUKS Container Setup mini-HOWTO** diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..3bca49fc --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,10 @@ +# Reporting a Security Bug in cryptsetup project + +If you think you have discovered a security issue, please report it through +the project issue tracker [New issue](https://gitlab.com/cryptsetup/cryptsetup/issues) +as a confidential issue (select confidential checkbox). + +An alternative is to send PGP encrypted mail to the cryptsetup maintainer. +Current maintainer is [Milan Broz](mailto:gmazyland@gmail.com), use PGP key +with fingerprint 2A29 1824 3FDE 4664 8D06 86F9 D9B0 577B D93E 98FC. +