Security disclosure policy#
The canonical Salt security policy, contact information and PGP public key
live in the SECURITY.md file at the root of the Salt source tree.
To avoid this page drifting out of sync with the live document, see:
That file is the authoritative source for:
the security contact email
the current GPG key ID and fingerprint
the full ASCII-armored GPG public key
the security response procedure
Receiving security announcements#
For receiving security announcements, see the SECURITY.md file linked
above. Notifications are sent to the salt-packagers, salt-users and
salt-announce mailing lists.