From 325da61ccc9c83e26730b0772afdb8f2590efd9b Mon Sep 17 00:00:00 2001 From: jeroen Date: Wed, 17 Aug 2022 17:39:37 +0200 Subject: [PATCH] Add remark about signed commits in SECURITY.md --- SECURITY.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index fe8ace7..d2eec54 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -5,7 +5,7 @@ This document gives an overview to the applied security standards that are in us ### Global - The OS and software is updated every week (Thursdays, 22:00 - 23:59 CEST). -- The storage on the server is fully encrypted, both in OpenStack and the VM itself (the latter one using `AES-XTS-256`, see misc/softraid.pdf for the specification). +- The storage on the server is fully encrypted, both in OpenStack and the VM itself (the latter one using `AES-XTS-256`, see `misc/softraid.pdf` for the specification). - The server _solely_ runs the Gitea stack (with Nginx and PostgreSQL), thus preventing additional attack surface. ### Web front-end @@ -20,5 +20,6 @@ This document gives an overview to the applied security standards that are in us ### Etc +- Official commits (eg, in the laylo/docs repository) are GPG signed, and MFA is enforced for accounts with write access). - Backups are made every 24 hours, using a 'pull mechanism'. This server does **NOT** have access to the backup repository. - SSH is hardened (PKI authentication, MFA via hardware tokens, highest level ciphersuites).
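Review bot: In the first hunk, wrapping `misc/softraid.pdf` in backticks makes it read as a file path, but the path is relative and nothing on the line tells a reader of the rendered SECURITY.md where to find it; consider a Markdown link to the file instead, e.g. `see [misc/softraid.pdf](misc/softraid.pdf) for the specification`, so the referenced specification is one click away rather than something the reader has to locate in the tree.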
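Review bot: The bullet added in the second hunk has an unbalanced parenthesis: the closing `)` after `write access` has no matching opening one, because the parenthetical already closed after `repository`. `eg,` should also be `e.g.,`. Suggested wording: `- Official commits (e.g., in the laylo/docs repository) are GPG signed, and MFA is enforced for accounts with write access.` Two further points for the same line: the statement does not say whether signed commits are enforced by the server (for example a branch protection rule that rejects unsigned commits) or are a convention followed by maintainers, nor where the signing keys can be verified; a security policy reader will want to know whether an unsigned commit can land at all, so spelling that out is worth a few words. Finally, the subject line announces a remark about signed commits, but the bullet also introduces the MFA requirement for write access, which overlaps with the existing SSH bullet two lines below; splitting MFA into its own bullet keeps each control distinct and easier to audit.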