Add remark about signed commits in SECURITY.md
parent 0d462fb147
commit 325da61ccc
@ -5,7 +5,7 @@ This document gives an overview to the applied security standards that are in us
### Global
### Global
- The OS and software is updated every week (Thursdays, 22:00 - 23:59 CEST).
- The OS and software is updated every week (Thursdays, 22:00 - 23:59 CEST).
- The storage on the server is fully encrypted, both in OpenStack and the VM itself (the latter one using `AES-XTS-256`, see misc/softraid.pdf for the specification).
- The storage on the server is fully encrypted, both in OpenStack and the VM itself (the latter one using `AES-XTS-256`, see `misc/softraid.pdf` for the specification).
- The server _solely_ runs the Gitea stack (with Nginx and PostgreSQL), thus preventing additional attack surface.
- The server _solely_ runs the Gitea stack (with Nginx and PostgreSQL), thus preventing additional attack surface.
### Web front-end
### Web front-end
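Review bot: quoting `misc/softraid.pdf` in backticks on the storage line makes the path read as code rather than as a reference the reader can follow; a relative link, `see [misc/softraid.pdf](misc/softraid.pdf) for the specification`, would let the rendered page open the document, and it is worth confirming that the file actually exists at that path in this repository so the pointer is not dead. While this block is being touched, the first bullet reads 'The OS and software is updated'; 'are updated' is the correct agreement.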
@ -20,5 +20,6 @@ This document gives an overview to the applied security standards that are in us
### Etc
### Etc
- Official commits (eg, in the laylo/docs repository) are GPG signed, and MFA is enforced for accounts with write access).
- Backups are made every 24 hours, using a 'pull mechanism'. This server does **NOT** have access to the backup repository.
- Backups are made every 24 hours, using a 'pull mechanism'. This server does **NOT** have access to the backup repository.
- SSH is hardened (PKI authentication, MFA via hardware tokens, highest level ciphersuites).
- SSH is hardened (PKI authentication, MFA via hardware tokens, highest level ciphersuites).
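Review bot: the added bullet ends with a stray closing parenthesis ('...with write access).') and 'eg' should be 'e.g.'; suggested wording: `- Official commits (e.g. in the laylo/docs repository) are GPG signed, and MFA is enforced for accounts with write access.` The remark would also serve readers better if it said where the signing public keys are published and whether signature verification is enforced server-side (unsigned commits rejected on protected branches) rather than followed by convention only, because a signing policy that is not enforced leaves readers no way to distinguish a genuine commit from one pushed through a compromised account.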