From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1QLh9b-00021H-Uh for garchives@archives.gentoo.org; Sun, 15 May 2011 19:39:04 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id A48711C02F; Sun, 15 May 2011 19:38:54 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 4C9631C02F for ; Sun, 15 May 2011 19:38:54 +0000 (UTC) Received: from flycatcher.gentoo.org (flycatcher.gentoo.org [81.93.255.6]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 48E8E1B4013 for ; Sun, 15 May 2011 19:38:53 +0000 (UTC) Received: by flycatcher.gentoo.org (Postfix, from userid 2235) id 2511E20054; Sun, 15 May 2011 19:38:51 +0000 (UTC) From: "Alex Legler (a3li)" To: gentoo-commits@lists.gentoo.org Reply-To: gentoo-dev@lists.gentoo.org, a3li@gentoo.org Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en: coordinator_guide.xml vulnerability-policy.xml X-VCS-Repository: gentoo X-VCS-Files: coordinator_guide.xml vulnerability-policy.xml X-VCS-Directories: xml/htdocs/security/en X-VCS-Committer: a3li X-VCS-Committer-Name: Alex Legler Content-Type: text/plain; charset=utf8 Message-Id: <20110515193851.2511E20054@flycatcher.gentoo.org> Date: Sun, 15 May 2011 19:38:51 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: quoted-printable X-Archives-Salt: X-Archives-Hash: 2eddff319a7f4c5688e77aaf2a323d05 a3li 11/05/15 19:38:51 Modified: coordinator_guide.xml vulnerability-policy.xml Log: Updating Vulnerability Policy and Coordinator Guide Revision Changes Path 1.26 xml/htdocs/security/en/coordinator_guide.xml file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en= /coordinator_guide.xml?rev=3D1.26&view=3Dmarkup plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en= /coordinator_guide.xml?rev=3D1.26&content-type=3Dtext/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en= /coordinator_guide.xml?r1=3D1.25&r2=3D1.26 Index: coordinator_guide.xml =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /var/cvsroot/gentoo/xml/htdocs/security/en/coordinator_guide.xm= l,v retrieving revision 1.25 retrieving revision 1.26 diff -u -r1.25 -r1.26 --- coordinator_guide.xml 30 Oct 2009 10:31:52 -0000 1.25 +++ coordinator_guide.xml 15 May 2011 19:38:51 -0000 1.26 @@ -14,6 +14,9 @@ Robert Buchholz + + Alex Legler + =20 This document contains procedures, tips and tricks applying to the @@ -24,8 +27,8 @@ =20 -0.8.8 -2008-05-09 +0.9 +2011-05-15 =20 Prerequisites @@ -165,8 +168,7 @@

Kernel vulnerabilities are treated using a separate procedure. To easily distinguish them from the other bugs, they are filed under the Kernel= -category. Kernel bugs do not result in GLSAs but have their own publicat= ion -system (Gentoo KISS). +category. Kernel bugs do not result in GLSAs.

=20 @@ -207,7 +209,7 @@ until a public release, usually known as the embargo date or coordinated= release date. Restricted bugs have the "Gentoo Security" checkbox checked and therefore can only be accessed by Gentoo Security Team membe= rs. -External people (package maintainer, arch testers, Release Engineering) = may be +External people (package maintainers, arch testers) may be added on a per-name basis, aliases should never be used (because they ar= e too wide and won't allow bug comments).

@@ -269,11 +271,6 @@ The bug status, with optional extra information [ebuild+] - -coordinator -The nickname of the coordinator assigned to the bug, optional -koon - =20

@@ -321,6 +318,14 @@ glsa+ The GLSA is late, any GLSA coordinator can correct and send it + +cleanup +Waiting for the Gentoo package maintainer to remove vulnerable ebuil= ds from the tree + + +cleanup+ +No response from the maintainer, the Security Team should remove vul= nerable ebuilds as needed + =20

@@ -344,11 +349,6 @@ upstream+, ebuild+ -Arch names -When only one or two supported arches are blocking the bug -stable+ - - tempglsa When a temporary GLSA was issued as a temporary solution upstream+, ebuild+ @@ -369,10 +369,7 @@ C0 [stable] -A3 [ebuild] jaervosz - - -B1 [stable+ amd64] koon +B1 [stable blocked] =20 @@ -384,12 +381,14 @@ =20

When the fix is not available from the upstream developer and/or there i= s -no official patch to solve the problem, the bug is in [upstream] status.= If -the solution must be found amongst Gentoo developers, the bug is in [inh= ouse] -status. If a fix is available, the bug is in [ebuild] status. -If a fix ebuild is put -in the portage tree, the bug is in [stable] status. When the fix ebuild = is -in portage with all required keywords set, the bug is in [glsa] status. +no official patch to solve the problem, the bug is in [upstream] = status. +If a fix is available, the bug is in [ebuild] status. +If a fixed ebuild is put in the Portage tree, the next step is stabilizi= ng, so +the bug is in [stable] status. +When the fixed ebuild is in Portage with all required keywords set and i= f the +issue is severe enough to warrant a GLSA, the bug is in [glsa] st= atus. +Is the bug not severe enough, GLSA voting is next, so the status would b= e +[glsa?].

=20 @@ -399,18 +398,18 @@ =20

-In [upstream] status, we wait for the fix version or a decent patch to +In [upstream] status, we wait for the fixed version or a decent p= atch to appear. This status requires to regularly check upstream for information= : -development and announce mailing lists, websites, Bugs database, CVS whe= n -available, are all relevant sources of information. Unofficial patches m= ust -be taken into account only if the upstream developer does not react to t= he +development and announce mailing lists, websites, bugs database, VCS whe= n +available, are all other relevant sources of information. Unofficial pat= ches +must be taken into account only if the upstream developer does not react= to the vulnerability, and they must be thoroughly double-checked to ensure they are not evil. When a fix version is announced or a patch is found, the b= ug -enters [ebuild] status. +enters [ebuild] status.

=20

-If there is no reaction from upstream and no patch, we enter [upstream+] +If there is no reaction from upstream and no patch, we enter [upstrea= m+] status. The only option here is to security-mask the vulnerable package and issue a temporary GLSA if needed. See the policy for more details on= the security masking approval procedure. The status whiteboard should then b= e @@ -425,23 +424,24 @@ =20

-In [ebuild] status, we must identify the maintainer of the package, and -summon him to commit a fix ebuild. Sources to identify the herd or devel= oper +In [ebuild] status, we must identify the maintainer of the packag= e, and +summon him to commit a fixed ebuild. Sources to identify the herd or dev= eloper responsible for maintaining a package are the metadata.xml file in the directory of the package in portage and the Changelog file showing who d= id the -latest version bumps. You should Cc: the herd and/or maintainer responsi= ble -for the package on the bug and ask him to provide an ebuild for the fix +latest version bumps. You should Cc: the herd and maintainer responsible +for the package on the bug and ask him to provide an ebuild for the fixe= d version. You should periodically check that an ebuild wasn't committed -to portage without any comment on the bug (it happens). When the ebuild -appears, the bug enters [stable] status. +to Portage without any comment on the bug (it happens). When the ebuild +appears, the bug enters [stable] status.

=20

-If the maintainer doesn't show up, we enter [ebuild+] status. In case a = fixed -version is available, you should test if a simple version bump (renaming= the=20 -ebuild to the version and emerging it) works. If only a patch is availab= le, you -should test if it applies cleanly. Then you should find a security bug w= rangler -with x86 commit rights to do the bump and mark the ebuild ~ for testing. +If the maintainer doesn't show up, we enter [ebuild+] status. In = case a +fixed version is available, you should test if a simple version bump (re= naming +the ebuild to the needed/fixed version and emerging it) works. +If only a patch is available, you should test if it applies cleanly. +Then you should find a Security Team member with Portage tree commit rig= hts to +do the bump and mark the ebuild ~ for testing.

=20

@@ -449,7 +449,7 @@ the only option is to security-mask the unmaintained package and issue a temporary GLSA if needed. See the policy for more details on the security masking approval procedure. The status whiteboard should then b= e -flagged with masked and/or tempglsa keywords and bug severity set to +flagged with masked and/or tempglsa keywords and bug sever= ity set to enhancement.

=20 @@ -460,11 +460,11 @@ =20

-In [stable] status, you have to determine what KEYWORDS the provided ebu= ild -needs before the GLSA can go out. This can be tricky. You have to consid= er -every version currently in portage so that the fix ebuild has equally= or -more stable keywords than any other packages in portage. Here is an -example: +In [stable] status, you have to determine what KEYWORDS the provi= ded=20 +ebuild needs before the GLSA can go out. This can be tricky. +You have to consider every version currently in portage so that the fix +ebuild has equally or more stable keywords than any other package= s +in Portage. Here is an example:

=20 @@ -493,34 +493,29 @@ You can use http://packages.gentoo.org to help you determine the needed KEYWORDS. If affected packages were removed by the package -maintainer too early, you should use the -CVS access +maintainer too early, you should use our +ViewVC to dig in the Attic and look for old KEYWORDS. =20

-Once determined (and noted for reference on the bug) the needed KEYWORDS= , -you should Cc: arch teams and ask them to mark the ebuild stable or ~ +Once you have determined (and noted for reference on the bug) the needed= KEYWORDS, +you should Cc: arch teams and ask them to mark the ebuild stable or test= ing accordingly. To make sure that the arch teams will pick the bug up, don'= t forget to add "STABLEREQ" to the bug's "Keywords" field. The arches alias are archname@gentoo.org (x86@gentoo.org, ppc@gentoo.org...). All arches (inc= luding "unsupported" arches) must be called. But note that only "supported" arc= hes (as -defined in the policy) are needed before the bug can advance to [glsa] s= tatus +defined in the policy) are needed before the bug can advance to [glsa= ] status You should periodically check for new keywords in the ebuild, as sometim= es they are changed without a comment in the bug. As soon as the required KEYWOR= DS -are in the ebuild for all supported arches, the bug enters [glsa] status= . -

- -

-During a release preparation period you should also Cc: Release Engineer= ing -(release@gentoo.org) on all bugs with [stable] status. +are in the ebuild for all supported arches, the bug enters [glsa]= status.

=20

If the arch teams take too much time testing and changing the KEYWORDS, = or they refuse to mark stable a package due to outstanding problems, the bu= g -enters [stable+] status. We must track down arch-maintainers to have the= m -mark stable, help testing. You should also convince the arches that if t= hey +enters [stable+] status. We must track down arch maintainers to h= ave them +mark stable or help testing. You should also convince the arches that if= they discover a bug in the ebuild that already was in previous "stable" versi= ons, the ebuild should be marked "stable" anyway, even if it's not really sta= ble, as specified in the policy. If the KEYWORDS can't be met, the only other @@ -535,23 +530,51 @@ =20

-In [glsa] status, the security bug is corrected. We need to issue the GL= SA +In [glsa] status, the security bug is corrected. We need to issue= the GLSA or close the bug without GLSA. The policy determines the cases where a G= LSA is needed and where a GLSA is not needed. There are also cases where a G= LSA -vote must take place to decide if a GLSA is needed ([glsa?] status). +vote must take place to decide if a GLSA is needed ([glsa?] statu= s). If at least two Security Team members vote for "no GLSA", then no GLSA s= hould -be issued. The bug remains in [glsa] status until a GLSA is published. +be issued. The bug remains in [glsa] status until a GLSA is publi= shed.

=20

-When a GLSA is needed but nothing was sent, the bug enters [glsa+] statu= s. -It's the case when the assigned GLSA coordinator did not draft and/or -made peer-reviewed and/or sent his GLSA. Other members of the Security T= eam -should take the lead at this point and finalize the GLSA. +When a GLSA is needed but nothing was sent, the bug enters [glsa+] status. +This is the case when there are delays during drafting, reviewing or sen= ding +the advisory. Any member of the Security Team should take the lead and f= inalize +the GLSA.

=20 +
+Bugs in [cleanup] status + + +

+This status is not in order like the others. It is used to denote that t= he +maintainer needs to remove vulnerable ebuild versions in the tree. +

+ +

+For example, the foo package has a vulnerability in versions earl= ier +than 1.23. The version 1.24 was added to Portage and is stable already +(i.e. the stabilization was done before the security impact of the relea= se was +known), only old ebuilds need to be removed. The next status in this cas= e would +be [glsa] or [glsa?] depending on severity. +

+ +

+Another use case might be when a package was updated, and all steps are = done +(i.e. a GLSA was sent or the team decided against sending one), but the +vulnerable ebuilds should really be removed to avoid users accidentally +installing them, the bug could be left open and set to the [cleanup]<= /c> +state. This is usually not needed tough, but may be used on a case-to-ca= se base +when the Security Team has an elevated interest in vulnerable ebuilds +getting removed for whatever reasons. +

+ +
Confidential vulnerability bug management @@ -560,8 +583,8 @@ =20

-Confidential bugs should be following this pattern: "RATING [status] -coordinator KEYWORD CRD", where: +Confidential bugs should be following this pattern: RATING [status] +KEYWORD CRD, where:

=20
@@ -581,11 +604,6 @@ [ebuild+] -coordinator -The nickname of the coordinator assigned to the bug, optional -koon - -KEYWORDThe confidentiality level of the bug, can be CLASSIFIED, CONFIDENTIA= L, SEMI-PUBLICCLASSIFIED @@ -631,13 +649,13 @@ =20

Confidential and classified bugs need extra care. The ebuild and files f= ixing -the vulnerability should NOT be committed to portage CVS, and no part of= those -bugs should ever be discussed in public. Patches or portage overlay tarb= alls -can be attached to the bug, though. Testers will have to setup their own -overlay to test it. +the vulnerability should NOT be committed to the Portage tree, and no pa= rt of +those bugs should ever be discussed in public. Patches or Portage overla= y +tarballs can be attached to the bug, though. +Testers will have to setup their own overlay to test it. The idea with those bugs is to prepare the ebuild and have it tested for= the coordinated release date, so that it can be released with all needed KEY= WORDS -together with the GLSA at the same time the issue goes public. +together with the GLSA at the same time or shortly after the issue goes = public.

=20 @@ -1201,3 +1219,4 @@ + 1.22 xml/htdocs/security/en/vulnerability-policy.xml file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en= /vulnerability-policy.xml?rev=3D1.22&view=3Dmarkup plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en= /vulnerability-policy.xml?rev=3D1.22&content-type=3Dtext/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en= /vulnerability-policy.xml?r1=3D1.21&r2=3D1.22 Index: vulnerability-policy.xml =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /var/cvsroot/gentoo/xml/htdocs/security/en/vulnerability-policy= .xml,v retrieving revision 1.21 retrieving revision 1.22 diff -u -r1.21 -r1.22 --- vulnerability-policy.xml 14 Apr 2009 00:06:25 -0000 1.21 +++ vulnerability-policy.xml 15 May 2011 19:38:51 -0000 1.22 @@ -14,6 +14,9 @@ Robert Buchholz + + Alex Legler + =20 This document describes the policy used in Gentoo Linux to treat @@ -25,8 +28,8 @@ =20 -1.2.7 -2009-04-14 +1.3 +2011-05-15 =20 Scope @@ -45,7 +48,7 @@

=20

-For this reason, the security team separates Gentoo architectures into t= wo +For this reason, the Security Team separates Gentoo architectures into t= wo groups, supported and unsupported:

=20 @@ -106,34 +109,19 @@
-Release Engineering - -

-The Release Engineering ("releng") project appoints a developer to be th= e -primary point of contact for security issues. -

-

-Release Engineering informs the Gentoo Security Project when a first tre= e=20 -snapshot is taken for media releases. Beginning with the first snapshot = until=20 -the official media release ("release preparation period"), Release Engin= eering=20 -(the appointed security liaison in case of confidential issues) should b= e cc'd=20 -on each security bug entering the stabilization phase. -

- -
-
Kernels =20

-Currently kernels are not covered by the GLSA release process. +Kernels are not covered by the GLSA release process. Vulnerabilities must still be reported and will be fixed, but=20 -no GLSA will be issued when everything is solved. +no GLSA will be issued when everything is solved.

=20 -This policy should be changed when new tools are added to cover -security vulnerabilities affecting the different kernel sources. +The kernel-check +utility is being developed to provide Kernel security information. +This policy should be updated accordingly when it is ready. =20 @@ -148,13 +136,13 @@ newer (~ARCH) ebuild, but the older (stable) packages are not affected, = or when the package has never had any stable ebuilds in the tree. In this case the vulnerability must still be reported and will be fixed,= but=20 -no GLSA will be issued when everything is solved. +no GLSA will be issued when everything is solved.

=20 This policy might be changed when our tools support more complex upgrade paths and if a sufficient number of GLSA coordinators join -the security team. +the Security Team. =20 @@ -174,7 +162,7 @@ security@gentoo.org). Major security lists should have official scouts assigned to them which should ensure that all vulnerabilities announced on these lists get a -security bugzilla entry. +security Bugzilla entry.

=20 @@ -185,24 +173,24 @@ =20

Confidential vulnerabilities (for example coming from developer's direct -communication or restricted vendor-sec lists) should follow a specific -procedure. They should not appear as a public -bugzilla entry, but only in security-restricted media like a private -bugzilla section or the GLSAMaker tool. They should get -corrected using private communication channels between the GLSA coordina= tor -and the package maintainer. +communication or restricted lists) must follow a specific procedure. +They should not appear as a public bugzilla entry, but only in=20 +security-restricted media like a private bugzilla section or the GLSAMak= er tool. +They should get corrected using private communication channels between t= he GLSA +coordinator and the package maintainer.

=20 Communication for confidential vulnerabilities should be properly encryp= ted. -They should be sent to specific security team members and encrypted with -their GPG key. The list of the security team members is available at=20 +They should be sent to specific Security Team members and encrypted with +their GPG key. The list of the Security Team members is available at=20 security.gentoo.org, thei= r key IDs can be looked up on the Gentoo Linux Developers List and their keys can be retrieved from the subkeys.pgp.net keyserv= er. +The use of IRC and other unencrypted messaging methods is discouraged. =20 @@ -312,7 +300,7 @@ =20

Here is the table of the resulting severity levels. They should be set -to the bugzilla severity level of the same name: +to the Bugzilla severity level of the same name:

=20
@@ -389,22 +377,27 @@ =20

During this phase it may be necessary to ask the reporter for details. T= he bug -remains with status NEW as long as necessary. When (if) the bug passes t= hese -sanity tests, it should be accepted and the bug wrangler should do the -following: +remains with status UNCONFIRMED or CONFIRMED as long as necessary. +When (if) the bug passes these sanity tests, it should be marked as 'in = progress' +and the bug wrangler should do the following:

=20
  • rename the bug so that it includes category/package-name at start - (for example: "net-mail/clamav: DoS using RAR files")
    • + (for example: net-mail/clamav: DoS using RAR files) +
  • remove version information in the bug title if there is no fixed ver= sion + available. Bug titles like <=3Dcategory/package-1.2.3, whe= re 1.2.3 + is the latest version of the package, should be avoided.
  • evaluate and assign a severity level (see above)
    • -
  • set the status to ASSIGNED
    • +
  • set the status to IN_PROGRESS
  • seed the status whiteboard to the correct severity code and status
  • cc package maintainers to the bug according to package metadata
  • set the URL field to an upstream bug or similar
    • -
  • search for reserved or assigned CVE identifier and add it to the bug= title, request a CVE otherwise
    • -
  • optionally assign a GLSA coordinator for the bug, by adding the - coordinator name to the status whiteboard
    • +
  • search for a reserved or assigned CVE identifier and add it to the b= ug title, + request a CVE otherwise
    • +
  • enter the bug number in the CVE tracker (given the wrangler has acce= ss to it)
    • +
  • set the Alias field to the CVE identifier. + In case there are multiple identifiers, use the first one.
=20 @@ -451,8 +444,8 @@
  • if a fix is available, get the package maintainer involved to produc= e and commit an ebuild containing the fix and set status whiteboard to = ebuild
  • once an ebuild is committed, evaluate what keywords are needed for t= he fix - ebuild and get arch-specific teams to test and mark - the ebuild stable on their architectures (arch-teams should be cc'd = on + ebuild and get arch-specific Teams to test and mark + the ebuild stable on their architectures (arch teams should be cc'd = on the bug, as well as releng during release preparation) and set statu= s=20 whiteboard to stable
  • arch-maintainers should mark the ebuild stable if there is no regres= sion @@ -464,7 +457,7 @@ =20 If the bug makes progress and the assigned GLSA coordinator does not rea= ct, -the other members of the security team can help keeping the bug rolling = by +the other members of the Security Team can help keeping the bug rolling = by updating its status. =20 @@ -486,19 +479,19 @@ stable+ and glsa+
  • if no upstream fix is available (upstream+ status), a decisio= n must be taken on masking the - package: the security team can mask a package which is not depended = on by - itself, but need a TLP manager approval before masking a package whi= ch is + package: The Security Team can mask a package which is not depended = on by + itself, maintainers should be consulted before masking a package whi= ch is not standalone
  • if the maintainer/herd does not show up for producing the ebuild dur= ing 48 - hours after summoning (ebuild+ status), the security team sho= uld + hours after summoning (ebuild+ status), the Security Team sho= uld try to bump the ebuild by itself
  • if testing and marking stable takes too much time (stable+ st= atus), - the security team will shout on IRC channels and gentoo-dev list to = get + the Security Team will shout on IRC channels and gentoo-dev list to = get more testers. It will either mark the ebuild stable by itself or, in= the event this cannot be done due to stability issues, mask it (see secu= rity masking approval policy above)
  • if the GLSA coordinator does not show up to draft a GLSA (glsa+ - status), then another member of the security team should draft the G= LSA + status), then another member of the Security Team should draft the G= LSA and submit it to peer review
    • =20 @@ -534,6 +527,10 @@ Temporary GLSAs =20 + +This is no longer common practice. + +

    If a blocker or critical or major vulnerability can= not totally be corrected in the target delay, @@ -562,7 +559,7 @@ =20

    Once ready, a GLSA should be submitted to peer review. At least two memb= ers -of the security team must approve the draft GLSA. Once the draft passes = the +of the Security Team must approve the draft GLSA. Once the draft passes = the peer review process, it should be assigned an official GLSA number.

    =20 @@ -645,7 +642,7 @@ Developer key IDs can be found on the Gentoo Linux -Developer list. All the security team GPG keys are published on pu= blic +Developer list. All the Security Team GPG keys are published on pu= blic key servers, including (but not limited to) subkeys.pgp.net. @@ -712,3 +709,4 @@ +