diff mbox

[FFmpeg-devel] web/security: Add links to GPG keys, for people who want to send encrypted mail

Message ID 20160803121721.3531-1-michael@niedermayer.cc
State Withdrawn
Headers show

Commit Message

Michael Niedermayer Aug. 3, 2016, 12:17 p.m. UTC 
---
 src/security | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

Comments

Moritz Barsnick Aug. 3, 2016, 12:58 p.m. UTC | #1 
On Wed, Aug 03, 2016 at 14:17:21 +0200, Michael Niedermayer wrote:
> +If you wish to use PGP/GnuPG you can use.

This sounds slightly strange.
->
"If you wish to use PGP/GnuPG please do so."

(Is this preferred by the list? Then that should be expressed.)
Carl Eugen Hoyos Aug. 3, 2016, 1:02 p.m. UTC | #2 
2016-08-03 14:58 GMT+02:00 Moritz Barsnick <barsnick@gmx.net>:
> On Wed, Aug 03, 2016 at 14:17:21 +0200, Michael Niedermayer wrote:
>> +If you wish to use PGP/GnuPG you can use.
>
> This sounds slightly strange.
> ->
> "If you wish to use PGP/GnuPG please do so."
>
> (Is this preferred by the list? Then that should be expressed.)

It is about emails sent to ffmpeg-security.if the reporter needs it.

Carl Eugen
Michael Niedermayer Aug. 3, 2016, 2:27 p.m. UTC | #3 
On Wed, Aug 03, 2016 at 03:02:38PM +0200, Carl Eugen Hoyos wrote:
> 2016-08-03 14:58 GMT+02:00 Moritz Barsnick <barsnick@gmx.net>:
> > On Wed, Aug 03, 2016 at 14:17:21 +0200, Michael Niedermayer wrote:
> >> +If you wish to use PGP/GnuPG you can use.
> >
> > This sounds slightly strange.
> > ->
> > "If you wish to use PGP/GnuPG please do so."
> >
> > (Is this preferred by the list? Then that should be expressed.)
> 
> It is about emails sent to ffmpeg-security.if the reporter needs it.

yep and i dont think everyone on security@ has a gpg key fingerprint
in MAINTAINERs so using gpg has ATM a disadvantage of limiting
recipients

[...]
diff mbox

Patch

diff --git a/src/security b/src/security
index ae89f9b..20c4d5d 100644
--- a/src/security
+++ b/src/security
@@ -1,4 +1,11 @@ 
-<p>Please report vulnerabilities to <a href="mailto:ffmpeg-security@ffmpeg.org">ffmpeg-security@ffmpeg.org</a></p>
+<p>Please report vulnerabilities to <a href="mailto:ffmpeg-security@ffmpeg.org">ffmpeg-security@ffmpeg.org</a>.
+If you wish to use PGP/GnuPG you can use.
+<a href="https://pgp.mit.edu/pks/lookup?search=0x9FF2128B147EF6730BADF133611EC787040B0FAB&op=get">key1</a>,
+<a href="https://pgp.mit.edu/pks/lookup?search=0x52D03A82D445F194DB8B2B1687EE2CB8F4B8FCF9&op=get">key2</a> and
+<a href="https://pgp.mit.edu/pks/lookup?search=0xC61D16E59E2CD10C895838A40899A2B906D4D9C7&op=get">key3</a>.
+Please use all keys if you encrypt.
+PGP key fingerprints are also in the <a href="https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/HEAD:/MAINTAINERS">MAINTAINERS file</a>.
+</p>
 
 <h2>FFmpeg 2.8</h2>