Security disclosure policy#

The canonical Salt security policy, contact information and PGP public key live in the SECURITY.md file at the root of the Salt source tree.

To avoid this page drifting out of sync with the live document, see:

That file is the authoritative source for:

  • the security contact email

  • the current GPG key ID and fingerprint

  • the full ASCII-armored GPG public key

  • the security response procedure

Receiving security announcements#

For receiving security announcements, see the SECURITY.md file linked above. Notifications are sent to the salt-packagers, salt-users and salt-announce mailing lists.