Logo

Gitorious Security

Although we do our best to keep Gitorious as safe as possible, no software is free from errors. If you discover a vulnerability in Gitorious, both our users and we need your help in resolving the issue as quickly as possible. We will give the highest priority to any issues reported to us.

If you find a vulnerability in Gitorious, please send an email to security@gitorious.com, and we will work with you get an overview of the reach of the problem and do whatever necessary to fix the issue on both gitorious.org and any local Gitorious installations. We will not disclose any details about the vulnerabilities until we have made available an updated version of Gitorious which can be used to upgrade gitorious.org and other installations of Gitorious. When disclosing the issue you will be credited in the post.

Our GPG key

Because of the implications of details about a vulnerability being made available before a fix is available, we would appreciate if you send us the details about the vulnerability as an encrypted email. Please encrypt your email using our GPG key, pasted below.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.13 (GNU/Linux)

mQENBFEPqXUBCADXNR63OWvL2IRN/kxuLIH1YiaJGDqxIrN1R2LpcyMYz6URJ7YF
Lddt3YWKyjB9t34yry49Bq+jyBGMJmJiC/zmfYlUQfPLKl9ixYt2hFjddNdkYJze
GRcJ4Cy6nGPGe2d0ccJlvpV4wA8DpEXr3da5s+JfDFqACGqwPKkWYZkmbwpDTVXp
4aAPXRtJelSejaqxkpT9On+ABvkfIdUp2STy5f83XRHNLGbb5RspZZ6Ov1Ro5KAV
p0DWGAdeMG7EH+VueJclURwMknDQyt1qN4yAX1mlLnZZBhzWG5P3HYxnkwt4slg1
qysGjB4/04t+cSDJypHOu7u8CFn8827FWYNzABEBAAG0KUdpdG9yaW91cyBTdXBw
b3J0IDxzdXBwb3J0QGdpdG9yaW91cy5vcmc+iQE4BBMBAgAiBQJRD6l1AhsDBgsJ
CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBN/GXQK094ZF00CACf4PCh5jPOuKD6
Z2zT4gwAmSUa5eQe35VtrwAFoD2Ue2touHbB58/1i7eOCLWEi1MXHcqBF79yqQ7L
Z74fElTmuJTMsVpbGrbja77BTUfdZ0zLnJ6s5bjwBLB/47C9LeuwO1ilyihyEijZ
oHK3g5wY+s/IxvyhXViID9hZIglbwDSODJ1DO5K9z7abD0U6FrKOx4TfR20/t4PF
ug9EYHwyacNKKnM2V09Zyfk9KGZ+1jT9JT/xS01hqHK/Lnw5A5Cm23bJBj4UuSlI
0sIWsaYSD0KHOgrkQHIskfLtEdpWRMp8UaYx82fRYct4zehnacLReeWp+UEWHpWi
BiX83M2ZuQENBFEPqXUBCADA78YhXkRURcVhl4pDoMs4RlQS0n2YAP4YyLU5MM2W
QVcnMa9ESzS2vEnkfwNOGKHX0/qBRYa/wWNEOltnzMeIqXlEIMsLY/IeSMHLH83d
yscPa4WN/k1Y+P2zK49s7LmE3A9vF9pUJyvBJcS2QmkPLcdbzZbH9TqRIjYQZ057
XYEU4QjD4Ax0P8njLWbmQ+9LtMuldPPl4sejh5zXRXQsduru1VjDEkPStoPRDkZL
q2/VNHhE2F4j3241T7oU0b2FW17sMgpm/dJz3ALaF1I317BUvUuDvvU//SJBhWSR
vQFXmzIcUNnRjCVYR4mcdcISTgatDgiFQoBfVvXZIxAlABEBAAGJAR8EGAECAAkF
AlEPqXUCGwwACgkQTfxl0CtPeGR2UggAu5xxAh7Z11y+6vC0Wi58yGUUgfiwrLuO
xCaitF5wbu8E/qqnkR+uaPPOWuf8oe2BHHqHS0HJ2y000O2CtdeV7F1k3zzhOZjV
4c/gqQruepgNQifbnWvumvKAgsW+stRIYIeaK7SiCr7fkBY0O0e/f9YGIyXluDTr
xXTSZOgAeyNXAi36fLCCODp2Q2XPEw33IG+XwKycdiZabvnBgOUdJ4ch1yWKi3+Y
mqt6iBfXieUxBaaFi4MBHPYJAw4ANNiQHhI8GvU4Kz8MJ05+KvKsS7lkiinmKNd4
bwIobz69GOwz2UyhPFOv0QqsWYFh7/p3iyrjoAPc6qT1JPsy+kDhAA==
=yWv1
-----END PGP PUBLIC KEY BLOCK-----