1 2## Reporting security issues 3 4Please report security issues related to the SLF4J project to the 5following email address: 6 7 support(at)qos.ch 8 9 10 11 12## Verifying contents 13 14All SLF4J project artifacts published on Maven central are signed. For 15each artifact, there is an associated signature file with the .asc 16suffix. 17 18### After 2022-08-08 19 20To verify the signature use [this public key](https://www.slf4j.org/public-keys/60200AC4AE761F1614D6C46766D68DAA073BE985.gpg). Here is its fingerprint: 21``` 22pub nistp521 2022-08-08 [SC] 23 60200AC4AE761F1614D6C46766D68DAA073BE985 24uid Ceki Gulcu <[email protected]> 25sub nistp521 2022-08-08 [E] 26``` 27 28A copy of this key is stored on the 29[keys.openpgp.org](https://keys.openpgp.org) keyserver. To add it to 30your public key ring use the following command: 31 32``` 33> FINGER_PRINT=60200AC4AE761F1614D6C46766D68DAA073BE985 34> gpg --keyserver hkps://keys.openpgp.org --recv-keys $FINGER_PRINT 35``` 36 37### Before 2022-08-08 38 39To verify the signature use [this public key](https://www.slf4j.org/public-keys/ceki-public-key.pgp). Here is its fingerprint: 40 41``` 42pub 2048R/A511E325 2012-04-26 43Key fingerprint = 475F 3B8E 59E6 E63A A780 6748 2C7B 12F2 A511 E325 44uid Ceki Gulcu <[email protected]> 45sub 2048R/7FBFA159 2012-04-26 46``` 47 48A copy of this key is stored on the 49[keys.openpgp.org](https://keys.openpgp.org) keyserver. To add it to 50your public key ring use the following command: 51 52``` 53> FINGER_PRINT=475F3B8E59E6E63AA78067482C7B12F2A511E325 54> gpg --keyserver hkps://keys.openpgp.org --recv-keys $FINGER_PRINT 55``` 56 57 58## Preventing commit history overwrite 59 60In order to prevent loss of commit history, developers of the project 61are highly encouraged to deny branch deletions or history overwrites 62by invoking the following two commands on their local copy of the 63repository. 64 65 66``` 67git config receive.denyDelete true 68git config receive.denyNonFastForwards true 69```