Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / c6ba99dd6153e7c10c4fc37dcc7af464fc76853b^! / . / docs / security.rst
commitc6ba99dd6153e7c10c4fc37dcc7af464fc76853b[log] [tgz]
authorLucia Li <luciali@google.com>Mon Nov 08 22:06:11 2021 +0800
committerLucia Li <luciali@google.com>Thu Nov 11 11:40:19 2021 +0800
tree1bc0942b942becc5391abbaf74cb61a05a4e76cd
parent104d218456a1d4f2f71a14c2c112b4ca24fe7310 [diff] [blame]
Upgrade cryptography from 2.5 to 3.3

Source code is from https://github.com/pyca/cryptography/tree/3.3.x

Run setup.py locally and rename _openssl.so/_padding.so

Bug: 205265538
Test: None
Change-Id: If031739ef5830ba2fb177add74515e4660e2906e

diff --git a/docs/security.rst b/docs/security.rst
index 01845a4..d11f270 100644
--- a/docs/security.rst
+++ b/docs/security.rst

@@ -9,9 +9,9 @@
 --------------
 
 In addition to ``cryptography``'s code, we're also concerned with the security
-of the infrastructure we run (primarily ``cryptography.io`` and
-``ci.cryptography.io``). If you discover a security vulnerability in our
-infrastructure, we ask you to report it using the same procedure.
+of the infrastructure we run (primarily ``cryptography.io``).  If you discover
+a security vulnerability in our infrastructure, we ask you to report it using
+the same procedure.
 
 What is a security issue?
 -------------------------
@@ -53,10 +53,9 @@
 tracker.
 
 If you believe you've identified a security issue with ``cryptography``, please
-report it to ``alex.gaynor@gmail.com``. Messages may be optionally encrypted
-with PGP using key fingerprint
-``F7FC 698F AAE2 D2EF BECD  E98E D1B3 ADC0 E023 8CA6`` (this public key is
-available from most commonly-used key servers).
+report it to ``alex.gaynor@gmail.com`` and/or ``paul.l.kehrer@gmail.com``. You
+should verify that your MTA uses TLS to ensure the confidentiality of your
+message.
 
 Once you've submitted an issue via email, you should receive an acknowledgment
 within 48 hours, and depending on the action to be taken, you may receive
@@ -72,9 +71,9 @@
 --------------------------------
 
 As of versions 0.5, 1.0.1, and 2.0.0, ``cryptography`` statically links OpenSSL
-on Windows, macOS, and Linux respectively, to ease installation. Due to this,
-``cryptography`` will release a new version whenever OpenSSL has a security or
-bug fix release to avoid shipping insecure software.
+in binary distributions for Windows, macOS, and Linux respectively, to ease
+installation. Due to this, ``cryptography`` will release a new version whenever
+OpenSSL has a security or bug fix release to avoid shipping insecure software.
 
 Like all our other releases, this will be announced on the mailing list and we
 strongly recommend that you upgrade as soon as possible.