From 23f063afb8b32d42c73cc1491b45f4132e9cdf72 Mon Sep 17 00:00:00 2001 From: lvzhangcheng Date: Tue, 11 Aug 2020 11:20:42 +0800 Subject: [PATCH] add public key and modified report way. --- security/cve-report_en.md | 20 +---------- security/cve-report_zh_cn.md | 21 ++---------- security/public_key_securities.asc | 55 ++++++++++++++++++++++++++++++ 3 files changed, 58 insertions(+), 38 deletions(-) create mode 100644 security/public_key_securities.asc diff --git a/security/cve-report_en.md b/security/cve-report_en.md index 3ebd3b9..19f9993 100644 --- a/security/cve-report_en.md +++ b/security/cve-report_en.md @@ -14,27 +14,9 @@ To build a more secure AI framework, we sincerely invite you to join us. If you find a suspected security issue, use [Suspected Security Issue Reporting Template](https://gitee.com/mindspore/community/blob/master/security/template/report-template_en.md) to report it so that the community vulnerability management team (VMT) is able to confirm and fix the issue as soon as possible with sufficient details. Your email will be confirmed within one working day. Within seven days, we will provide more detailed replies to your suspected security issues and provide the next-step handling policy. -To ensure security, please use the PGP public key to encrypt your email before sending it. +To ensure security, please use the [PGP public key](https://gitee.com/mindspore/community/blob/master/security/public_key_securities.asc) to encrypt your email before sending it. + Security email address: -+ PGP public key: - ``` - -----BEGIN PGP PUBLIC KEY BLOCK----- - - iQG2BCABCgAgFiEEwUbNw8zaTIe27U8lt42TVbzPfREFAl58v18CHQAACgkQt42T - VbzPfRGVswwAnSIi1fE0CzIkxPrhfcnfF+vx5y+qpk6ssFr5iFuepBSbA+ZGhaDn - ULYOkBMnGfrgzjw8OzMK7vKIgR2ymmuTJt9qpFH4OIXRX1OXoMYnkPxrQJFpNZpP - BvnxmEey0VOvz9Y3Fa4mHMjvA3I2pbSlH+T2wkGQRO5zhKN7NhQfRFgyFNQT2l5m - pPBdm+sAs5ty6eQuSZF1wECIW17WB53o171DTNbAPySEfOLvq0orNAJWjT4sR1jn - 9M20t3DpjC5dZuMCUuZTbCgHkaLOo0ZkwMXV+dPkm/4hMWLVPxRvlkH02PI++KBl - N8cW+TZb1YN/va9Nrjh+Ah50Px2nmQ/fk60VHKj5hTb8U+PSPGlvWUALwb6ckm55 - nUcBvFiDpe7uAtX88sv2kBR6gIbr0pW9JwOnBLjxGoM3lgfrIot1qFWdBGJrRnIo - bgMtm0PEcwRfHefJY//4BiDgg2ef9DIX7VSSb6rV0HJpNz0IAxyzG41BdSG+3dSb - ns0y2L0F2M+N - =HPa4 - - -----END PGP PUBLIC KEY BLOCK----- - ``` ## MindSpore Community Security Issue Disclosure Process diff --git a/security/cve-report_zh_cn.md b/security/cve-report_zh_cn.md index 863fa01..566b4eb 100644 --- a/security/cve-report_zh_cn.md +++ b/security/cve-report_zh_cn.md @@ -14,27 +14,10 @@ MindSpore作为一个同时支持端/边缘/云场景的训练推理框架,在 如果您发现了疑似安全问题,请您使用[疑似安全问题上报模板](https://gitee.com/mindspore/community/blob/master/security/template/report-template_zh_cn.md)进行反馈,以便社区漏洞管理团队在能够获得足够详细信息的条件下,尽快确认并修复问题。您的邮件将在1个工作日内得到确认,在7天内对您反馈的疑似安全问题提供更详细的回复,并给出下一步的处理策略。 -鉴于安全问题的敏感性,请使用PGP公钥加密后发送。 +鉴于安全问题的敏感性,请使用[PGP公钥](https://gitee.com/mindspore/community/blob/master/security/public_key_securities.asc)加密后发送。 + 安全邮箱: -+ PGP公钥: - ``` - -----BEGIN PGP PUBLIC KEY BLOCK----- - - iQG2BCABCgAgFiEEwUbNw8zaTIe27U8lt42TVbzPfREFAl58v18CHQAACgkQt42T - VbzPfRGVswwAnSIi1fE0CzIkxPrhfcnfF+vx5y+qpk6ssFr5iFuepBSbA+ZGhaDn - ULYOkBMnGfrgzjw8OzMK7vKIgR2ymmuTJt9qpFH4OIXRX1OXoMYnkPxrQJFpNZpP - BvnxmEey0VOvz9Y3Fa4mHMjvA3I2pbSlH+T2wkGQRO5zhKN7NhQfRFgyFNQT2l5m - pPBdm+sAs5ty6eQuSZF1wECIW17WB53o171DTNbAPySEfOLvq0orNAJWjT4sR1jn - 9M20t3DpjC5dZuMCUuZTbCgHkaLOo0ZkwMXV+dPkm/4hMWLVPxRvlkH02PI++KBl - N8cW+TZb1YN/va9Nrjh+Ah50Px2nmQ/fk60VHKj5hTb8U+PSPGlvWUALwb6ckm55 - nUcBvFiDpe7uAtX88sv2kBR6gIbr0pW9JwOnBLjxGoM3lgfrIot1qFWdBGJrRnIo - bgMtm0PEcwRfHefJY//4BiDgg2ef9DIX7VSSb6rV0HJpNz0IAxyzG41BdSG+3dSb - ns0y2L0F2M+N - =HPa4 - - -----END PGP PUBLIC KEY BLOCK----- - ``` + ## MindSpore社区安全问题披露流程 diff --git a/security/public_key_securities.asc b/security/public_key_securities.asc new file mode 100644 index 0000000..79d6350 --- /dev/null +++ b/security/public_key_securities.asc @@ -0,0 +1,55 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: Keybase OpenPGP v1.0.0 +Comment: https://keybase.io/crypto + +xsBNBF8wxmcBCADQgjuS6JSvD5rbOstF/pkPahLpVubGYFJbrPLnCJywmZ0fq8fv +UUcOJSM5wdPEq7LHwAq1pU0Khf3w0We+ld0zwCs7RtQOY9TddaovQxhrxQG+SJXM ++S9HE4YX1ktXPuRk/AGByk3jwYa7W63IvAoGRqPoUGwO0YkQjNU3S5RUmVB2exk6 +P3qY7hbjc68TOiX+J0vCy4f0uWKIzWjTIt9JkODtJv2ssaWwu192ZDJLb0JkWinU +LaKKRNorPS5Dy1jIsbVj7y9Qf4TKGMj7WI+9di3w0D/Aiij6Voh766l9E/PLUZ3W +/xcfRTvDnohoIYqcYnIjDcl97NRX3YOM1iA3ABEBAAHNNG1pbmRzcG9yZS1zZWN1 +cml0eSA8bWluZHNwb3JlLXNlY3VyaXR5QG1pbmRzcG9yZS5jbj7CwG0EEwEKABcF +Al8wxmcCGy8DCwkHAxUKCAIeAQIXgAAKCRDonEDWTnblPk4sCACRdC01UAUAstRi +egZbaSYGhTBfJGvh23kjTGJnoxnK+7TxGp7Cm1w9rn3Y0gLK9mCyksYSSkd+FK6Y +r7A3x3JEmL54D/BTJj6comTYLZP8u0C2S/ifivILSxwZ0xNmf9HMyTWqvXaD2wTT +pPCuKBQHgKU4twI6/tsdGwqZRn0E3vddz5SwZ8enXS2QbijUDRqKaljQkj6ZWrOL +YFFff7J5BusEfPIX54imGiV2EFIhvm53mYK2zl7L60QcW20HauGaY0IzQUxVGl1E +9CRc7/duyVEOJWWwp0IMXDHbOBCr+ViUqubIY0SBSvXqpy2Z0dUQkYK3Z54J0oHA +sQ0e8e4LzsBNBF8wxmcBCADJ8gP8cUxMPGIZwbPmsyZHcba2C99tfT1qwCfuMIZS +KuOzUQfH6nilXhi5WlCpGGVypdCQLSl8wU24OQPmKv1D5y0r2h1DI2Ipya3THn7r +CTP07MgqOzbdHPnqWgYOVH376FpgXqcxG1/GlicKnInTFuWt7iSlFDD9eX3JLHRa +CDFm4YEwpO3HAsXzuP9wxRpEccO7Q68x2dzflfbV0TDl3f8GU6fdNHK8xSOixRyY +4oq3z7hP3bnFC1yBs2UV6Px/BUseLtmvWGl+3xL5zvLyzWyWcPdqN4CcuI/7LXk+ +mAHeLBSNiV59Tjyv7KMqKppBu5vEWpeeavSNORvmwJOBABEBAAHCwYQEGAEKAA8F +Al8wxmcFCQ8JnAACGy4BKQkQ6JxA1k525T7AXSAEGQEKAAYFAl8wxmcACgkQMBVh +JvIIuQuOrQf/bO5H88GnJ+mZz/R07S9IANcS+UvnDYkEVhbIMfdJN0uUOF7PwL2K +MjsnCPc9WgKc3Vf12x28+tpqSJtM1Zk9EDvhaqiu9vOpAHpzSVAsJpjd2M8InZwc +1XXqXC44AvEYj49QW63Wh8pu8RFAK6DY2FTOF4qTXQkV2lu0ocE2KCJkcC4KfwLf +27pyBHpb5yeP6bUrYYdduhzAZQxD313rd+YfZqycMlZafjqSQifTGpgpjh7fQ3jS +TtvDwLTmXdzzW72IaYgrOir6jFeuBB2gpNSV71uYReLLxiJ+1ngNhAbGuDp3k3Ix +inCF1dzkkGEa8Uk7MAiP9L80k2gaSzPRryhWB/0ZGLi3/KegKGlIGdlP1UwAsxgS +pkbgYnb+q25jDeoKWMRgTFB+ZurqxXqPtQp9cznQ5fXNldnE/EIC363jr4rgUlfR +V+ouAr3/yKK/2loLIUvmIdnBEIYJl+gRQrM94mAKpJTr8mEZlzoO7ChY5s99XJEL +UgAs/Q+k2ISp080qzLTCYmfmXaAdvOKdaphLhHJPmf0bAS+IX2TI6PjQetfkumae +PWjahmA6cAqQDy4/fFWMTFIvzdQvPICPdHEklKvmLmIuSN8ciYY9GJTygnW7HJcA +laH6RG45EyWrTQRAuIgrVl8PdILuaAjdmEWRdOITnxj6IrB5Ggr3RQnuLuUqzsBN +BF8wxmcBCADZD+WhuNgEd7CIuNXO6dd3TJuBEMBdpmrxUCuh/KEz3BiiE4wMcv3q +wwpd0EpUDuORq/wTyrJnBOq82mdQMbDSPoP4WBmGGVUvf84IiDU5m2ZgD6kq1Aur +dCZsuBWAWSLyPIY1Kqk5VNId46sZwDhc5ueXobe6V0pr1IlRgYdPYo52OCXLVSWy +NCt1NPD00ln74m2JcodnCax3IpFjbaBQylxkFuzTNUxxyL2N2ZQHQjnuOakyG/zm +MT/otKHLytPNvfsAvSpNZ+RQZMAYUDR7YoXC5qjY2zNIGw6nO2zOwmQ6q/QJdgeb +Q5Iy4bWclAeYvId+RjVKU6ZP79hw+et7ABEBAAHCwYQEGAEKAA8FAl8wxmcFCQ8J +nAACGy4BKQkQ6JxA1k525T7AXSAEGQEKAAYFAl8wxmcACgkQnk09g1xm9S7DDQgA +orf4j7UcZRbhaRSeqY/u9ExN8a6DTf2GOru5ru0xvnfBOLmfqnfGz0oN7lun6hMg +sRKKQHFJc2950w40ewsPTKOqRFdwT2nzZ/RM5hQWGOgE2MOo4rmlq0caZ4nwPeva ++JgUW9LhGAd0h8iRWUr03Cjzy7WLrIl3W6yDeQ516HnAeEShz5tw1hse257EW5tE +suYPIU4L1b/W6VxI9jB5wpnMP0IKzu4+TL4eCXTCNS6PTLjmdex/1P3pWymLTAw2 +ZkR4U0yCjckYhbXhRDcwdD1glkRpE/oUjC5SuqV9WqUs8py94JCpPSNsGb2kplKk +IM5oNvOUlkOHEojcgAMedh9HB/sHqEYvMIgQuiTEluCNr+xww/7oAMUcYD38XwrF +eKob87W//x6bMu2XygM0zXfpM0V5xYIG6VDLg0gythzxcC+JOUmKmDhFLGWsvs3f +plA1BUXEJALxeZMbtTta0kr0pw0nIKN+zazaJmGwkREs2df+XDfuyxWxNt17H46p +RvsDafIw+E6nl+MfR/ZlcCmrtm6JZSzKQufph/+xVgLHRlMOKKs+0151EDSzGEra +nDCvnhLfFha+ro4xl70QgKu6hlRu/0oxCfx/jh8/kKOXeuOwfuTsBWXRysfxqY57 +b82gD5e2OFeB+F2PnIPIpst5iyT9I12NeTSUeEml5b/gw4JH +=UBbA +-----END PGP PUBLIC KEY BLOCK----- -- GitLab