Adding upstream version 18.2.2.upstream/18.2.2

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 42 insertions, 0 deletions

diff --git a/doc/security/index.rst b/doc/security/index.rst
new file mode 100644
index 000000000..9d158cb96
--- /dev/null
+++ b/doc/security/index.rst
@@ -0,0 +1,42 @@
+==========
+ Security
+==========
+
+.. toctree::
+   :maxdepth: 1
+
+   Past Vulnerabilities / CVEs <cves>
+   Vulnerability Management Process <process>
+
+Reporting a vulnerability
+=========================
+
+To report a vulnerability, please send email to `security@ceph.io
+<security@ceph.io>`_.
+
+* Please do not file a public ceph tracker issue for a vulnerability.
+* We urge reporters to provide as much information as is practicable
+  (a reproducer, versions affected, fix if available, etc.), as this
+  can speed up the process considerably.
+* Please let us know to whom credit should be given and with what
+  affiliations.
+* If this issue is not yet disclosed publicly and you have any
+  disclosure date in mind, please share the same along with the
+  report.
+
+Although you are not required to, you may encrypt your message using 
+the following GPG key:
+
+**6EEF26FFD4093B99: Ceph Security Team (security@ceph.io)**
+
+| **Download:** `MIT PGP Public Key Server <https://pgp.mit.edu/pks/lookup?op=vindex&search=0x6EEF26FFD4093B99>`_
+| **Fingerprint:** A527 D019 21F9 7178 C232 66C1 6EEF 26FF D409 3B99
+
+
+Supported versions
+==================
+
+Security updates are applied only to the current `Active Releases`_.
+
+
+.. _Active Releases: https://docs.ceph.com/en/latest/releases/#active-releases