ceph/doc/security/index.rst

==========
 Security
==========

.. toctree::
   :maxdepth: 1

   Past Vulnerabilities / CVEs <cves>
   Vulnerability Management Process <process>

Reporting a vulnerability
=========================

To report a vulnerability, please send email to `security@ceph.io
<security@ceph.io>`_.

* Please do not file a public ceph tracker issue for a vulnerability.
* We urge reporters to provide as much information as is practicable
  (a reproducer, versions affected, fix if available, etc.), as this
  can speed up the process considerably.
* Please let us know to whom credit should be given and with what
  affiliations.
* If this issue is not yet disclosed publicly and you have any
  disclosure date in mind, please share the same along with the
  report.

Although you are not required to, you may encrypt your message using 
the following GPG keys:

`08B7 3419 AC32 B4E9 66C1  A330 E84A C2C0 460F 3994 <https://keyserver.ubuntu.com/pks/lookup?search=0x08b73419ac32b4e966c1a330e84ac2c0460f3994&fingerprint=on&op=index>`_

`A72E 2206 BC85 31EE 964B  6FF8 FF69 432F 307A 807F <https://keyserver.ubuntu.com/pks/lookup?search=0xA72E2206BC8531EE964B6FF8FF69432F307A807F&fingerprint=on&op=index>`_

`CD64 14F0 E2A8 3D47 CBCD  2990 9827 12C0 12E8 8B35 <https://keyserver.ubuntu.com/pks/lookup?search=0xcd6414f0e2a83d47cbcd2990982712c012e88b35&fingerprint=on&op=index>`_


Supported versions
==================

Security updates are applied only to the current :ref:`active-releases`.
doc/security: add security section - how to report an issue - describe process for handling vulnerability - list past issues Signed-off-by: Sage Weil <sage@newdream.net> 2021-04-01 14:14:12 +00:00			`==========`
			`Security`
			`==========`

doc/security: restructure a bit Signed-off-by: Sage Weil <sage@newdream.net> 2021-03-31 16:57:31 +00:00			`.. toctree::`
			`:maxdepth: 1`
doc/security: add security section - how to report an issue - describe process for handling vulnerability - list past issues Signed-off-by: Sage Weil <sage@newdream.net> 2021-04-01 14:14:12 +00:00
doc/security: restructure a bit Signed-off-by: Sage Weil <sage@newdream.net> 2021-03-31 16:57:31 +00:00			`Past Vulnerabilities / CVEs <cves>`
			`Vulnerability Management Process <process>`
doc/security: add security section - how to report an issue - describe process for handling vulnerability - list past issues Signed-off-by: Sage Weil <sage@newdream.net> 2021-04-01 14:14:12 +00:00
			`Reporting a vulnerability`
			`=========================`

			To report a vulnerability, please send email to `security@ceph.io
			<security@ceph.io>`_.

			`* Please do not file a public ceph tracker issue for a vulnerability.`
			`* We urge reporters to provide as much information as is practicable`
			`(a reproducer, versions affected, fix if available, etc.), as this`
			`can speed up the process considerably.`
			`* Please let us know to whom credit should be given and with what`
			`affiliations.`
			`* If this issue is not yet disclosed publicly and you have any`
			`disclosure date in mind, please share the same along with the`
			`report.`

doc: Add GPG Keys Replaced my GPG key with ceph.com and David's GPG keys Signed-off-by: Hardik Vyas <hvyas@redhat.com> 2021-04-09 11:41:26 +00:00			`Although you are not required to, you may encrypt your message using`
			`the following GPG keys:`

			`08B7 3419 AC32 B4E9 66C1 A330 E84A C2C0 460F 3994 <https://keyserver.ubuntu.com/pks/lookup?search=0x08b73419ac32b4e966c1a330e84ac2c0460f3994&fingerprint=on&op=index>`_

			`A72E 2206 BC85 31EE 964B 6FF8 FF69 432F 307A 807F <https://keyserver.ubuntu.com/pks/lookup?search=0xA72E2206BC8531EE964B6FF8FF69432F307A807F&fingerprint=on&op=index>`_

			`CD64 14F0 E2A8 3D47 CBCD 2990 9827 12C0 12E8 8B35 <https://keyserver.ubuntu.com/pks/lookup?search=0xcd6414f0e2a83d47cbcd2990982712c012e88b35&fingerprint=on&op=index>`_

doc/security: add security section - how to report an issue - describe process for handling vulnerability - list past issues Signed-off-by: Sage Weil <sage@newdream.net> 2021-04-01 14:14:12 +00:00
doc/security: restructure a bit Signed-off-by: Sage Weil <sage@newdream.net> 2021-03-31 16:57:31 +00:00			`Supported versions`
			`==================`
doc/security: add security section - how to report an issue - describe process for handling vulnerability - list past issues Signed-off-by: Sage Weil <sage@newdream.net> 2021-04-01 14:14:12 +00:00
doc/security: restructure a bit Signed-off-by: Sage Weil <sage@newdream.net> 2021-03-31 16:57:31 +00:00			Security updates are applied only to the current :ref:`active-releases`.