[git] gnupg-doc - branch, master, updated. c0ddb5e4626defb4dc8341d4c06709ee96f69623

Fri Jun 10 16:15:51 CEST 2016

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  c0ddb5e4626defb4dc8341d4c06709ee96f69623 (commit)
      from  bea8041a37c710ed7c31fdab7401d35a36bfbc18 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c0ddb5e4626defb4dc8341d4c06709ee96f69623
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Jun 10 15:59:07 2016 +0200

    web: Add a separate Security page.
    
    Also change "Documentaion" to "Support" in the main menu.

diff --git a/web/documentation/index.org b/web/documentation/index.org
index 66ff139..92194a4 100644
--- a/web/documentation/index.org
+++ b/web/documentation/index.org
@@ -1,8 +1,8 @@
-#+TITLE: GnuPG - Documentation
+#+TITLE: GnuPG - Support
 #+STARTUP: showall
 #+SETUPFILE: "../share/setup.inc"
 
-* Documentation Sources
+* Documentation
 
   - [[file:howtos.org][HOWTOs]] :: Includes links to some HOWTOs available in several
               languages to get out the best from GnuPG.
@@ -16,6 +16,14 @@
   - [[file:faqs.org][FAQs]] :: Online version of the FAQs is now available. Please
             consult these FAQs before you ask on one of the mailing
             lists or report a bug.
+
+  - [[file:security.org][Security]] :: How to report security problems.
+
+  You may also notice that OpenPGP is a proposed Internet standard,
+  described by [[https://www.rfc-editor.org/rfc/rfc4880.txt][RFC-4880]].
+
+* Community support
+
   - [[file:mailing-lists.org][Mailing lists]] :: Describes the purposes of each mailing list
                      hosted on this server and gives instruction on
                      how to subscribe. Links to other GnuPG-related
@@ -23,8 +31,10 @@
   - [[https://wiki.gnupg.org][Wiki]] :: The official GnuPG Wiki contains community-maintained
             documentation for GnuPG and related software.
   - [[file:bts.org][BTS]] :: Before you report a bug, please consult the list of bugs.
-  - [[http://twitter.com/gnupg][@gnupg]] :: We sometimes post short messages to Twitter.
 
+* Other types of support
 
-  You may also notice that OpenPGP is a proposed Internet standard,
-  described by RFC4880 (found at [[http://www.rfc-editor.org/][RFC Editor]]).
+  - [[../service.org][Commercial support]] :: Listing of companies offering commercial
+       support for GnuPG
+
+  - [[http://twitter.com/gnupg][@gnupg]] :: We sometimes post short messages to Twitter.
diff --git a/web/documentation/security.org b/web/documentation/security.org
new file mode 100644
index 0000000..726497e
--- /dev/null
+++ b/web/documentation/security.org
@@ -0,0 +1,29 @@
+#+TITLE: GnuPG - Security
+#+STARTUP: showall
+#+SETUPFILE: "../share/setup.inc"
+
+* Security
+
+The GnuPG Project takes the security of software it develops very
+seriously.  In general we prefer a [[https://en.wikipedia.org/wiki/Full_disclosure_%2528computer_security%2529][full disclosure]] approach and all
+bugs listed in our [[file:bts.org][bug tracker]] as well as code changes in our [[../download/cvs_access.org][software
+repository]] are public.  Given that GnuPG is an important part of many
+software distributions and severe bugs in GnuPG would affect their
+users directly, we co-ordinate with them in private as soon as we
+learn about a severe vulnerability.
+
+Sometimes we receive pre-notifications of research which may lead to a
+new kind of vulnerability.  In these cases we may work with the
+researchers in private on a solution and co-ordinate our fix release
+with them.
+
+** Security contact
+
+If you found a *severe* security problem and you do not want to
+publish it, please report it by mail to security at gnupg.org.
+
+Note that we do not use a team OpenPGP key.  Thus please write a
+non-encrypted message to the security address and ask for the keys of
+the developers at duty and then encrypt the mail to all of them.  A
+list of our core developers can be found [[../people/index.org][here]]; the are all active on
+the gnupg-devel mailing list.
diff --git a/web/index.org b/web/index.org
index be1f366..3f0f422 100644
--- a/web/index.org
+++ b/web/index.org
@@ -17,9 +17,9 @@ features for easy integration with other applications. A wealth of
 [[file:related_software/frontends.html][frontend applications]] and [[file:related_software/libraries.html][libraries]] are available. Version 2 of GnuPG
 also provides support for S/MIME and Secure Shell (ssh).
 
-GnuPG is [[http://www.gnu.org/philosophy/free-sw.html][Free Software]] (meaning that it respects your freedom). It can
+GnuPG is [[https://www.gnu.org/philosophy/free-sw.html][Free Software]] (meaning that it respects your freedom). It can
 be freely used, modified and distributed under the terms of the
-[[http://www.gnu.org/copyleft/gpl.html][GNU General Public License]] .
+[[https://www.gnu.org/copyleft/gpl.html][GNU General Public License]] .
 
 GnuPG comes in three flavours:
 
diff --git a/web/service.org b/web/service.org
index 181c9ca..1ec6de8 100644
--- a/web/service.org
+++ b/web/service.org
@@ -2,7 +2,7 @@
 #+STARTUP: showall
 #+SETUPFILE: "share/setup.inc"
 
-* Support
+* Commercial support
 
 As part of the GNU project, GnuPG is community developed, and everyone
 is welcome to contribute under certain conditions. Some companies are
diff --git a/web/share/gpgweb.el b/web/share/gpgweb.el
index f65684f..8d5e379 100644
--- a/web/share/gpgweb.el
+++ b/web/share/gpgweb.el
@@ -76,6 +76,7 @@ if not available."
       ("/features.html"                    "Features")
       ("/news.html"                        "News")
       ("/people/index.html"                "People")
+      ("/documentation/sites.html"         "Sites")
       ("/service.html"                     "Service")))
     ("/donate/index.html"
      "Donate"
@@ -90,14 +91,14 @@ if not available."
       ("/download/mirrors.html"            "Mirrors")
       ("/download/cvs_access.html"         "GIT")))
     ("/documentation/index.html"
-     "Documentation"
+     "Support"
      (("/documentation/howtos.html"        "HOWTOs")
       ("/documentation/manuals.html"       "Manuals")
       ("/documentation/guides.html"        "Guides")
       ("/documentation/faqs.html"          "FAQs")
       ("/documentation/mailing-lists.html" "Mailing Lists")
-      ("/documentation/sites.html"         "Sites")
-      ("/documentation/bts.html"           "Bug Tracker")))
+      ("/documentation/bts.html"           "Bug Tracker")
+      ("/documentation/security.html"      "Security")))
     ("/related_software/index.html"
      "Related software"
      (("/related_software/frontends.html"  "Frontends")

-----------------------------------------------------------------------

Summary of changes:
 web/documentation/index.org    | 20 +++++++++++++++-----
 web/documentation/security.org | 29 +++++++++++++++++++++++++++++
 web/index.org                  |  4 ++--
 web/service.org                |  2 +-
 web/share/gpgweb.el            |  7 ++++---
 5 files changed, 51 insertions(+), 11 deletions(-)
 create mode 100644 web/documentation/security.org


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org


