Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12798 from gyuho/security

Browse Source 
security: add private distributor list, and its application template
This commit is contained in:
Gyuho Lee 2021-03-23 11:34:50 -07:00 committed by GitHub
commit 21188b5e0d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
.github/ISSUE_TEMPLATE/distributors-application.md vendored Normal file
View File

@ -0,0 +1,28 @@
---
name: Distributors Application
title: Distributors Application for <YOUR DISTRIBUTION HERE>
about: Apply for membership of security@etcd.io
---
<!--
Please answer the following questions and provide supporting evidence for
meeting the membership criteria.
-->
**Actively monitored security email alias for our project:**
**1. Have a user base not limited to your own organization.**
**2. Have a publicly verifiable track record up to present day of fixing security issues.**
**3. Not be a downstream or rebuild of another distribution.**
**4. Be a participant and active contributor in the community.**
**5. Accept the Embargo Policy.**
<!-- https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md#disclosures -->
**6. Be willing to contribute back.**
<!-- Per https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md#patch-release-and-public-communication -->
**7. Have someone already on the list vouch for the person requesting membership on behalf of your distribution.**

10
security/README.md
View File

@ -35,3 +35,13 @@ A public disclosure date is negotiated by the etcd Product Security Committee an
## Security Audit
A third party security audit was performed by Trail of Bits, find the full report [here](SECURITY_AUDIT.pdf).
## Private Distributor List
This list provides actionable information regarding etcd security to multiple distributors. Members of the list may not use the information for anything other than fixing the issue for respective distribution's users. If you continue to leak information and break the policy outlined here, you will be removed from the list.
### Request to Join
New membership requests are sent to security@etcd.io.
File an issue [here](https://github.com/etcd-io/etcd/issues/new?template=distributors-application.md), filling in the criteria template.

4
security/security-release-process.md
View File

@ -11,7 +11,11 @@ The PSC is responsible for organizing the entire response including internal com
The initial PSC will consist of volunteers who have been involved in the initial discussion:
- Brandon Philips (**[@philips](https://github.com/philips)**) [4096R/154343260542DF34]
- Gyuho Lee (**[@gyuho](https://github.com/gyuho)**)
- Joe Betz (**[@jpbetz](https://github.com/jpbetz)**)
- Sahdev Zala (**[@spzala](https://github.com/spzala)**)
- Sam Batschelet (**[@hexfusion](https://github.com/hexfusion)**)
- Xiang Li (**[@xiang90](https://github.com/xiang90)**)
The PSC members will share various tasks as listed below: