mirror of https://github.com/borgbackup/borg.git
move security verification to support section
the rationale is to simplify the README file to the bare minimum. security researchers will be able to find the contact information if they look minimally and people installing the software will find a link where relevant (in binary releases only, since all the others have other trust paths)
This commit is contained in:
Antoine Beaupré
parent
c5f5d17bf0
commit
b4d0388785
16
README.rst
16
README.rst
|
|
@ -113,22 +113,6 @@ Now doing another backup, just to show off the great deduplication:
|
|||
|
||||
For a graphical frontend refer to our complementary project `BorgWeb <https://borgweb.readthedocs.io/>`_.
|
||||
|
||||
Checking Release Authenticity and Security Contact
|
||||
--------------------------------------------------
|
||||
|
||||
`Releases <https://github.com/borgbackup/borg/releases>`_ are signed with this GPG key,
|
||||
please use GPG to verify their authenticity.
|
||||
|
||||
In case you discover a security issue, please use this contact for reporting it privately
|
||||
and please, if possible, use encrypted E-Mail:
|
||||
|
||||
Thomas Waldmann <tw@waldmann-edv.de>
|
||||
|
||||
GPG Key Fingerprint: 6D5B EF9A DD20 7580 5747 B70F 9F88 FB52 FAF7 B393
|
||||
|
||||
The public key can be fetched from any GPG keyserver, but be careful: you must
|
||||
use the **full fingerprint** to check that you got the correct key.
|
||||
|
||||
Links
|
||||
-----
|
||||
|
||||
|
|
|
|||
|
|
@ -64,6 +64,9 @@ and compare that to our latest release and review the :doc:`changes`.
|
|||
Standalone Binary
|
||||
-----------------
|
||||
|
||||
.. note:: Releases are signed with an OpenPGP key, see
|
||||
:ref:`security-contact` for more instructions.
|
||||
|
||||
|project_name| binaries (generated with `pyinstaller`_) are available
|
||||
on the releases_ page for the following platforms:
|
||||
|
||||
|
|
|
|||
|
|
@ -56,3 +56,21 @@ As a developer, you can become a Bounty Hunter and win bounties (earn money) by
|
|||
contributing to |project_name|, a free and open source software project.
|
||||
|
||||
We might also use BountySource to fund raise for some bigger goals.
|
||||
|
||||
.. _security-contact:
|
||||
|
||||
Security
|
||||
--------
|
||||
|
||||
In case you discover a security issue, please use this contact for reporting it privately
|
||||
and please, if possible, use encrypted E-Mail:
|
||||
|
||||
Thomas Waldmann <tw@waldmann-edv.de>
|
||||
|
||||
GPG Key Fingerprint: 6D5B EF9A DD20 7580 5747 B70F 9F88 FB52 FAF7 B393
|
||||
|
||||
The public key can be fetched from any GPG keyserver, but be careful: you must
|
||||
use the **full fingerprint** to check that you got the correct key.
|
||||
|
||||
`Releases <https://github.com/borgbackup/borg/releases>`_ are signed with this GPG key,
|
||||
please use GPG to verify their authenticity.
|
||||
|
|
|
|||
Loading…
Reference in New Issue