Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 940c92ff68d4b1de5d772520b0b148a40d813176^! / .
commit940c92ff68d4b1de5d772520b0b148a40d813176[log] [tgz]
authorAlex Gaynor <alex.gaynor@gmail.com>Fri Feb 19 06:34:39 2016 -0500
committerAlex Gaynor <alex.gaynor@gmail.com>Fri Feb 19 06:34:39 2016 -0500
treece113c81055b368e4382a1f774f19ecabc5cfd57
parentf068325e25dbacd1c12e6b684539320f1ce18c4c [diff]
Several updates to our security docs:

- Document what we consider a vulnerability
- Update my prefered PGP key identifier
- Clarify that we only provide security support for the most recent release (this has empirically been true for all of our releases

diff --git a/docs/security.rst b/docs/security.rst
index 13f9996..424fdb6 100644
--- a/docs/security.rst
+++ b/docs/security.rst

@@ -5,6 +5,39 @@
 policies we have adopted to ensure that security issues are addressed in a
 timely fashion.
 
+What is a security issue?
+-------------------------
+
+Anytime it's possible to write code using ``cryptography``'s public API which
+does not provide the guarntees that a reasonable developer would expect it to
+based on our documentation.
+
+That's a bit academic, but basically it means the scope of what we consider a
+vulnerability is broad, and we do not require a proof of concept or even a
+specific exploit, merely a reasonable threat model under which ``cryptography``
+could be attacked.
+
+To give a few examples of things we would consider security issues:
+
+* If a recipe, such as Fernet, made it easy for a user to bypass
+  confidentiality or integrity with the public API (e.g. if the API let a user
+  reuse nonces).
+* If, under any circumstances, we used a CSPRNG which wasn't fork-safe.
+* If ``cryptography`` used an API in an underlying C library and failed to
+  handle error conditions safely.
+
+Examples of things we wouldn't consider security issues:
+
+* Offering ECB mode for symmetric encryption. Though ECB is critically weak, it
+  is documented as being weak in our documentation.
+* Using a variable time comparison somewhere, if it's not possible to
+  articulate any particular program in which this would result in problematic
+  information disclosure.
+
+In general, if you're unsure, we request that you to default to treating things
+as security issues and handling them sensitively, the worst thing that can
+happen is that we'll ask you to file a bug issue.
+
 Reporting a security issue
 --------------------------
 
@@ -14,7 +47,7 @@
 If you believe you've identified a security issue with ``cryptography``, please
 report it to ``alex.gaynor@gmail.com``. Messages may be optionally encrypted
 with PGP using key fingerprint
-``E27D 4AA0 1651 72CB C5D2  AF2B 125F 5C67 DFE9 4084`` (this public key is
+``F7FC 698F AAE2 D2EF BECD  E98E D1B3 ADC0 E023 8CA6`` (this public key is
 available from most commonly-used key servers).
 
 Once you've submitted an issue via email, you should receive an acknowledgment
@@ -25,7 +58,7 @@
 ------------------
 
 At any given time, we will provide security support for the `master`_ branch
-as well as the 2 most recent releases.
+as well as the most recent release.
 
 New releases for OpenSSL updates
 --------------------------------