首页 发现 帮助
登录
mirrors
/
borg
镜像自地址 https://github.com/borgbackup/borg
2
0
派生 0
文件 工单管理 0 Wiki
浏览代码

move security verification to support section

the rationale is to simplify the README file to the bare
minimum. security researchers will be able to find the contact
information if they look minimally and people installing the software
will find a link where relevant (in binary releases only, since all
the others have other trust paths)
Antoine Beaupré 8 年之前
父节点
c5f5d17bf0
当前提交
b4d0388785
共有 3 个文件被更改,包括 21 次插入16 次删除
合并视图 显示文件统计
  1. 0 16
      README.rst
  2. 3 0
      docs/installation.rst
  3. 18 0
      docs/support.rst

+ 0 - 16
README.rst
查看文件 

@@ -113,22 +113,6 @@ Now doing another backup, just to show off the great deduplication:
 
 
 
 For a graphical frontend refer to our complementary project `BorgWeb <https://borgweb.readthedocs.io/>`_.
 
 For a graphical frontend refer to our complementary project `BorgWeb <https://borgweb.readthedocs.io/>`_.
 
 
 
-Checking Release Authenticity and Security Contact
 
---------------------------------------------------
 
-
 
-`Releases <https://github.com/borgbackup/borg/releases>`_ are signed with this GPG key,
 
-please use GPG to verify their authenticity.
 
-
 
-In case you discover a security issue, please use this contact for reporting it privately
 
-and please, if possible, use encrypted E-Mail:
 
-
 
-Thomas Waldmann <tw@waldmann-edv.de>
 
-
 
-GPG Key Fingerprint: 6D5B EF9A DD20 7580 5747  B70F 9F88 FB52 FAF7 B393
 
-
 
-The public key can be fetched from any GPG keyserver, but be careful: you must
 
-use the **full fingerprint** to check that you got the correct key.
 
-
 
 Links
 
 Links
 
 -----
 
 -----

+ 3 - 0
docs/installation.rst
查看文件 

@@ -64,6 +64,9 @@ and compare that to our latest release and review the :doc:`changes`.
 
 Standalone Binary
 
 Standalone Binary
 
 -----------------
 
 -----------------
 
 
 
+.. note:: Releases are signed with an OpenPGP key, see
 
+          :ref:`security-contact` for more instructions.
 
+
 
 |project_name| binaries (generated with `pyinstaller`_) are available
 
 |project_name| binaries (generated with `pyinstaller`_) are available
 
 on the releases_ page for the following platforms:
 
 on the releases_ page for the following platforms:

+ 18 - 0
docs/support.rst
查看文件 

@@ -56,3 +56,21 @@ As a developer, you can become a Bounty Hunter and win bounties (earn money) by
 
 contributing to |project_name|, a free and open source software project.
 
 contributing to |project_name|, a free and open source software project.
 
 
 
 We might also use BountySource to fund raise for some bigger goals.
 
 We might also use BountySource to fund raise for some bigger goals.
 
+
 
+.. _security-contact:
 
+
 
+Security
 
+--------
 
+
 
+In case you discover a security issue, please use this contact for reporting it privately
 
+and please, if possible, use encrypted E-Mail:
 
+
 
+Thomas Waldmann <tw@waldmann-edv.de>
 
+
 
+GPG Key Fingerprint: 6D5B EF9A DD20 7580 5747  B70F 9F88 FB52 FAF7 B393
 
+
 
+The public key can be fetched from any GPG keyserver, but be careful: you must
 
+use the **full fingerprint** to check that you got the correct key.
 
+
 
+`Releases <https://github.com/borgbackup/borg/releases>`_ are signed with this GPG key,
 
+please use GPG to verify their authenticity.