diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 79e830e..23ccc45 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -5,8 +5,6 @@ permissions: on: pull_request: - paths-ignore: - - '**.md' jobs: build: diff --git a/SECURITY.md b/SECURITY.md index bc77781..95f9834 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -8,14 +8,27 @@ AzureSignTool and AzureSign.Core currently only support the latest version. Use ### GitHub -Security issues or vulnerabilities should be reported privately using GitHub's vulnerability reporting. This option is available on the "Security" section in this repository. Additional information is available on the [GitHub Documentation](https://docs.github.com/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability). +Security issues or vulnerabilities should be reported privately using GitHub's vulnerability reporting. This option is available on the "Security" section in this repository. Additional information is available on the [GitHub Documentation](https://docs.github.com/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-secur ### E-mail If using GitHub reports is not preferred or you do not have a GitHub account, email at kevin@vcsjones.dev is acceptable. 
If necessary, email content can be encrypted using [age](https://filippo.io/age) using the following recipient key: +```plain +age1pq1n36gramujxmmdymmjv9rsfzs7fq3qfwjts5jvy0svj2993fjh5fs76qprc57krng8yk8hefwgfmp6exc3ddv00pj2xgtrem7zsf9g70hg32ykndkwy55jzmtc9v2lc5crw2n9245r38yncpp62fplymgnmc4v7mg54snz2p8h9ef3rag3hv8dq6wzfpeamp9q5558rt6ynwrvgcuckgvddn9n8ffxk45tw2dq0ttepjsupfqyx6pvtw52ne2es99lp8mnz346us5mnqfz38yc8t9z5sxkdvl2spelvts0r2qypuf8yxcd6dv8ujk7kq9vktf3yss7sq8y9gfzpv2exz3n522grpqhpfljwxyd9yyq0p9qtyrrg8mngucq3zycxeueutpz68l9rru5ppcew52j5gn453c0ppr5gyxz2tkx66xf4ympg5nrgqnnzalq2qnrymz06wv0tz392j0z0x3ue8ew25rcufu5jjnnyelkehwgc662yzskltj35ur47f6vusav4m0lf3l9e9hwqm249vds42avjrhzx99f6jf4ehe9qhlqmnz75z7a4j5u0wta98jk32gz8czyulumuz2fzjt9u6c296hg4t5j5unl258jlyqcgk3kxuzhvprzw5mepcgdyu99yjrgg0v90tdqe6cng6pqmxvt2qecklutdaqwa9cgmzpgzwv3qapv4um9dx46egvufv4g9xp82lp3pwvf9ntgum2223mfw5x0u24tx5qsxtlgp30ly2uncdudkm8hfsl28q649rdt4rn48evvzdpxkpwfrrkvf3mz32ctecp2g5xxllwe26jmq94dftur59pzz45j2y7v02m6a3vl89nxfnvxtc9p2wnxguv6wag6zrl7yy8pquvf0dq27ef3sanpe4k84fv8acxsmyh0gmtxqx3spme27at4fw95svxzzehqat6ygqqkc5jh5ret68pyxs7k77rgsawm7gmxj7mqq03y8mp6e3p5saaahcjcefg84vncehh7pe6zlpf4m6tee7nppmcj6ezq6aaqk4kumcfg3atzcchyuh2g3uqpf5dg6v3ag2zhlezv0vpcyxd4u4mg9n85gxucumm8ggtnww9kjdpcwj2zxtvrr4j5c2a0wwnypm234tz4ul5kxgdsvel9qrgszy3dvzfzw86kc0fye6w7sjgqc666hn6uanqj4p94zrkrjmpe4y225rgzgc98a2uefd2g7pyt8rtme9p5prspu54y82aqz9n932tjgteywrx5m79s6c64pgkezekjxecu8wpghlmd0ft9ghcl3vsr8s2hsdypje6nne7gpjkplpszh5xtwc2244cerl8uq9wspa9kap949ff9uxg489plddrtyvgy3aehn8zduyf4gad7ysndg2cd5csc98k05phwlgf70q6wq2gzex269huq4kuzystnwymw4fq4pp5wmz2vveqp323299fj75m673nhq04rh6jcfyruuqwmy43jl2jg4xm2f6dpx7d03ktj8pr8xykj5pmhcrvv4nfkfafc2m5g3s8wsazxl7rjf0s333zac2m5cdnqtem9gnhhnp3kyz4u2pzrdcmr6lrjz5kzgn4sj6pvju7ujs9f7fypxerdg2zu9k0xatszyd6845mjs23t3lv5svjqa4wjz2fh6mrvwwkzljnzplpje6l64tkavz354wdzcnhtja4cspf2ar6jvz6w8kfjy2ysuq3ly9h4htszgu9zu4lga4lz5v7gdskahrs2rruyd855w2u6yfg2wusxlvyum6qdrk0jfsfc4nqr32t47t5ky36tc29smsp27yv557fraydh4a00aw2ykt8gk
l2wwsqy83fj62rdst0c6ylpdgynf3snxkwc2fc6y7hxgfapcs6lgaj5w794rx7s6t9ns9a4t8mrww4xu9x4amh +``` + +age 1.3.0 or later is required for the post-quantum recipient key support. Alternatively, an age plugin can support post-quantum recipients with previous versions of age. See the [age 1.3.0 release notes](https://github.com/FiloSottile/age/releases/tag/v1.3.0) for details. + +
+Previous Keys + +The following are previous keys that were used for reports. To my knowledge, they are not compromised however are no longer used. The values exist her for posterity. + ```plain age1jns778dpwkxta0e6tjv3345jy6dfr8a8mq9xznge7muyz6nu0v5sg7x6wn ``` +
+ E-mail responses and handling will be slower than using the GitHub provided mechanism.
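
Review bot: In .github/workflows/pr.yml, the removal of the `paths-ignore` filter for `'**.md'` under `pull_request` comes with no stated reason, and it makes the `build` job run on Markdown-only pull requests such as this SECURITY.md edit. If the intent is to have the check report on every pull request, say so in the commit message; otherwise keep the filter.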
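
Review bot: In SECURITY.md, the added "Previous Keys" paragraph says the old key is "no longer used" but does not say whether a report encrypted to it can still be decrypted. State that explicitly, or tell reporters to use only the new recipient key, so that a report encrypted to the old key is not silently lost. The same paragraph has a typo ("exist her for posterity" should read "here") and would read better as "they are not compromised, but are no longer used". The age 1.3.0 requirement is also stated only after the key block; placing it before the block would let readers on older age versions see it before they try the key.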