Hi all, In light of the security issues over the last few weeks, we have started work on a security page for Gitorious, available at
http://en.gitorious.org/security/ As you'll see, that page contains information about how to report vulnerabilities found in Gitorious in a responsible manner. It also contains our GPG public key, which we will be using for (at least) the following things in the future: - sign any security related announcements about Gitorious, so anyone can verify that the announcement was in fact written by us - sign the release tags for Gitorious The GPG key has been uploaded to the gnupg.net keyserver(s), so it should be available from a key server near you. We have discussed a few other possible actions: - setting up a dedicated security announcements mailing list - set up a Rubygems site for verified and signed versions of Gitorious' dependencies Any other things we should consider? Other thoughts? Stay safe, - Marius -- -- To post to this group, send email to gitorious@googlegroups.com To unsubscribe from this group, send email to gitorious+unsubscr...@googlegroups.com --- You received this message because you are subscribed to the Google Groups "Gitorious" group. To unsubscribe from this group and stop receiving emails from it, send an email to gitorious+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
