security: add private distributor list, and its application template
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>

release-3.5
parent 4f34f14830
commit f18f609bcd
|
@ -0,0 +1,28 @@
|
||||||
|
---
|
||||||
|
name: Distributors Application
|
||||||
|
title: Distributors Application for <YOUR DISTRIBUTION HERE>
|
||||||
|
about: Apply for membership of security@etcd.io
|
||||||
|
---
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Please answer the following questions and provide supporting evidence for
|
||||||
|
meeting the membership criteria.
|
||||||
|
-->
|
||||||
|
|
||||||
|
**Actively monitored security email alias for our project:**
|
||||||
|
|
||||||
|
**1. Have a user base not limited to your own organization.**
|
||||||
|
|
||||||
|
**2. Have a publicly verifiable track record up to present day of fixing security issues.**
|
||||||
|
|
||||||
|
**3. Not be a downstream or rebuild of another distribution.**
|
||||||
|
|
||||||
|
**4. Be a participant and active contributor in the community.**
|
||||||
|
|
||||||
|
**5. Accept the Embargo Policy.**
|
||||||
|
<!-- https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md#disclosures -->
|
||||||
|
|
||||||
|
**6. Be willing to contribute back.**
|
||||||
|
<!-- Per https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md#patch-release-and-public-communication -->
|
||||||
|
|
||||||
|
**7. Have someone already on the list vouch for the person requesting membership on behalf of your distribution.**
|
|
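Review bot: The front-matter line `about: Apply for membership of security@etcd.io` names the address that receives requests, not the private distributor list this template is an application for, so an applicant cannot tell from the issue picker what they are joining. Suggest wording it as an application to the etcd private distributor list. Criterion 7 also asks for a voucher but gives no prompt for who that person is; a placeholder comment under it asking for the voucher's name or handle would make the claim checkable. The two comment links point at `master`, while this commit is shown on release-3.5; confirm the `#disclosures` and `#patch-release-and-public-communication` anchors exist in the file on the branch being linked.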
@ -35,3 +35,13 @@ A public disclosure date is negotiated by the etcd Product Security Committee an
|
||||||
## Security Audit
|
## Security Audit
|
||||||
|
|
||||||
A third party security audit was performed by Trail of Bits, find the full report [here](SECURITY_AUDIT.pdf).
|
A third party security audit was performed by Trail of Bits, find the full report [here](SECURITY_AUDIT.pdf).
|
||||||
|
|
||||||
|
## Private Distributor List
|
||||||
|
|
||||||
|
This list provides actionable information regarding etcd security to multiple distributors. Members of the list may not use the information for anything other than fixing the issue for respective distribution's users. If you continue to leak information and break the policy outlined here, you will be removed from the list.
|
||||||
|
|
||||||
|
### Request to Join
|
||||||
|
|
||||||
|
New membership requests are sent to security@etcd.io.
|
||||||
|
|
||||||
|
File an issue [here](https://github.com/etcd-io/etcd/issues/new?template=distributors-application.md), filling in the criteria template.
|
||||||
|
|
|
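Review bot: In the Private Distributor List paragraph, "If you continue to leak information and break the policy outlined here" reads as tolerating a first leak, and no policy is actually outlined in this section. Suggest linking the embargo policy that the application template references and stating removal as the consequence of any breach. Under "Request to Join", the two sentences describe two different channels (mail to security@etcd.io and filing an issue from the template) without saying whether both are required or which one starts the process; state the order explicitly, and note that the issue is filed on the public tracker so applicants do not put embargoed details in it.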
@ -11,7 +11,11 @@ The PSC is responsible for organizing the entire response including internal com
|
||||||
The initial PSC will consist of volunteers who have been involved in the initial discussion:
|
The initial PSC will consist of volunteers who have been involved in the initial discussion:
|
||||||
|
|
||||||
- Brandon Philips (**[@philips](https://github.com/philips)**) [4096R/154343260542DF34]
|
- Brandon Philips (**[@philips](https://github.com/philips)**) [4096R/154343260542DF34]
|
||||||
|
- Gyuho Lee (**[@gyuho](https://github.com/gyuho)**)
|
||||||
|
- Joe Betz (**[@jpbetz](https://github.com/jpbetz)**)
|
||||||
- Sahdev Zala (**[@spzala](https://github.com/spzala)**)
|
- Sahdev Zala (**[@spzala](https://github.com/spzala)**)
|
||||||
|
- Sam Batschelet (**[@hexfusion](https://github.com/hexfusion)**)
|
||||||
|
- Xiang Li (**[@xiang90](https://github.com/xiang90)**)
|
||||||
|
|
||||||
The PSC members will share various tasks as listed below:
|
The PSC members will share various tasks as listed below:
|
||||||
|
|
||||||
|
|
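Review bot: The four added PSC entries (Gyuho Lee, Joe Betz, Sam Batschelet, Xiang Li) carry no PGP key ID, while the existing Brandon Philips entry lists `[4096R/154343260542DF34]`, so a reporter who wants to encrypt a disclosure can reach only one member. Suggest adding key IDs for the new members in the same bracketed form, or a sentence after the list saying which key reports should be encrypted to. The Sahdev Zala context line has the same gap and could be fixed in the same change.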