Bläddra i källkod

doc: add info on reporting security issues

j8
Saúl Ibarra Corretgé 6 år sedan
förälder
incheckning
07bf95f838
2 ändrade filer med 21 tillägg och 1 borttagningar
  1. 11
    0
      .github/ISSUE_TEMPLATE/4-security-issues.md
  2. 10
    1
      README.md

+ 11
- 0
.github/ISSUE_TEMPLATE/4-security-issues.md Visa fil

1
+---
2
+name: Security issues
3
+about: Please email security@jitsi.org
4
+
5
+---
6
+
7
+We take security very seriously and develop all Jitsi projects to be secure and safe.
8
+
9
+If you find (or simply suspect) a security issue in any of the Jitsi projects, please send us an email to security@jitsi.org.
10
+
11
+We encourage responsible disclosure for the sake of our users, so please reach out before posting in a public space.

+ 10
- 1
README.md Visa fil

45
 Jitsi Meet provides a very flexible way of embedding in external applications by using the [Jitsi Meet API](doc/api.md).
45
 Jitsi Meet provides a very flexible way of embedding in external applications by using the [Jitsi Meet API](doc/api.md).
46
 
46
 
47
 ## Security
47
 ## Security
48
-WebRTC does not provide a way of conducting multi-party conversations with end-to-end encryption. 
48
+
49
+WebRTC does not (yet) provide a way of conducting multi-party conversations with end-to-end encryption. 
49
 Unless you consistently compare DTLS fingerprints with your peers vocally, the same goes for one-to-one calls.
50
 Unless you consistently compare DTLS fingerprints with your peers vocally, the same goes for one-to-one calls.
50
 As a result, your stream is encrypted on the network but decrypted on the machine that hosts the bridge when using Jitsi Meet.
51
 As a result, your stream is encrypted on the network but decrypted on the machine that hosts the bridge when using Jitsi Meet.
51
 
52
 
57
 The [meet.jit.si](https://meet.jit.si) service is maintained by the Jitsi team
58
 The [meet.jit.si](https://meet.jit.si) service is maintained by the Jitsi team
58
 at [8x8](https://8x8.com).
59
 at [8x8](https://8x8.com).
59
 
60
 
61
+## Security issues
62
+
63
+We take security very seriously and develop all Jitsi projects to be secure and safe.
64
+
65
+If you find (or simply suspect) a security issue in any of the Jitsi projects, please send us an email to security@jitsi.org.
66
+
67
+**We encourage responsible disclosure for the sake of our users, so please reach out before posting in a public space.**
68
+
60
 ## Acknowledgements
69
 ## Acknowledgements
61
 
70
 
62
 Jitsi Meet started out as a sample conferencing application using Jitsi Videobridge. It was originally developed by ESTOS' developer Philipp Hancke who then contributed it to the community where development continues with joint forces!
71
 Jitsi Meet started out as a sample conferencing application using Jitsi Videobridge. It was originally developed by ESTOS' developer Philipp Hancke who then contributed it to the community where development continues with joint forces!

Laddar…
Avbryt
Spara