Skip to content

Latest commit

 

History

History
49 lines (35 loc) · 3.13 KB

security.md

File metadata and controls

49 lines (35 loc) · 3.13 KB
Raw
layout title permalink
general_page
Security
/security/

Package signing

CloudRouter 2.0 beta is a Fedora Remix. Most packages are provided by the Fedora repositories. For details on how these packages are signed, see the Fedora documentation. Additional packages such as OpenDaylight are provided by the CloudRouter repositories. These packages are signed using the CloudRouter Project key:

{% comment %} TODO for enterprise These packages are signed using the IIX Inc. signing key:

5fbf0300: IIX, Inc. <security@iix.net>

pub  4096R/56BF0300 2015-01-09 IIX Inc. <security@iix.net>
Location: /etc/pki/rpm-gpg/RPM-GPG-KEY-cloudrouter 
Download: pgp.mit.edu

{% endcomment %}

a4702bf1: CloudRouter Project <security@cloudrouter.org>

pub: 2048R/191F16B0 2015-02-10 CloudRouter Project <security@cloudrouter.org>
Location: /etc/pki/rpm-gpg/RPM-GPG-KEY-CLOUDROUTER 
Download: pgp.mit.edu

For added security, the CloudRouter Project key is stored on a hardware security module (HSM). For more details, see the blog post “Signing RPMs using the Nitrokey hardware security module (HSM)”.

Reporting security issues

Please report any security issues you find in CloudRouter to: security@cloudrouter.org

Anyone can post to this list. The subscribers are only trusted individuals who will handle the resolution of any reported security issues in confidence. In your report, please note how you would like to be credited for discovering the issue and the details of any embargo you would like to impose.

Security advisories

{% for advisory in site.security_advisories reversed %}

{{ advisory.url | split:"/" | last | remove: ".yaml" | remove: ".html" | remove: ".md" | remove: ".markdown" }}{% for vulnerability in advisory.vulnerabilities %} [{{ vulnerability.impact-assessment.rating | capitalize }}] {{ vulnerability.cve-id }}{% endfor %}: {{ advisory.title }}

Description

{{ advisory.description }}

{{ advisory.content }}

Credit

{% for reporter in advisory.reporters %} {% assign num_issues_reported = reporter.reported | size %} Issue{% if num_issues_reported > 1 %}s{% endif %} {{ reporter.reported | join: " " }} {% if num_issues_reported > 1 %}were{% else %}was{% endif %} reported by {{ reporter.name }} of {{reporter.affiliation }}. {% endfor %}

{% endfor %}