| Message ID | 20251114160049.848251-1-wzh@ilbers.de |
|---|---|
| State | Under Review |
| Series | [v1] Add security policy |
On 14.11.25 17:00, Zhihang Wei wrote: > Signed-off-by: Zhihang Wei <wzh@ilbers.de> > Signed-off-by: Baurzhan Ismagulov <ibr@ilbers.de> > --- > SECURITY.md | 21 +++++++++++++++++++++ > 1 file changed, 21 insertions(+) > create mode 100644 SECURITY.md > > diff --git a/SECURITY.md b/SECURITY.md > new file mode 100644 > index 00000000..276db42c > --- /dev/null > +++ b/SECURITY.md > @@ -0,0 +1,21 @@ > +# Security Policy > + > +## Supported Versions > + > +Only `master` is supported with security updates. Shall means that there is no back-porting to previous releases, right? "Security updates will only be provided on top the `master` branch." > + > +## Reporting a Vulnerability > + > +Please DO NOT report any potential security vulnerability via a public channel > +(mailing list, github issue, etc.). Instead, create a report via > +https://github.com/ilbers/isar/security/advisories/new or contact the > +maintainers by email at security@isar-build.org. Please provide a detailed > +description of the issue, the steps to reproduce it, the affected versions and, > +if already available, a proposal for a fix. You should receive a response > +within 15 business days. If for some reason you do not, please follow up by > +email to ensure we received your original message. > + > +If we confirm the issue as a vulnerability, we will open a Security Advisory on > +github and give credits for your report if desired. We follow the coordinated > +vulnerability disclosure model and will define an appropriate disclosure > +timeline together with you. Jan
diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..276db42c --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions + +Only `master` is supported with security updates. + +## Reporting a Vulnerability + +Please DO NOT report any potential security vulnerability via a public channel +(mailing list, github issue, etc.). Instead, create a report via +https://github.com/ilbers/isar/security/advisories/new or contact the +maintainers by email at security@isar-build.org. Please provide a detailed +description of the issue, the steps to reproduce it, the affected versions and, +if already available, a proposal for a fix. You should receive a response +within 15 business days. If for some reason you do not, please follow up by +email to ensure we received your original message. + +If we confirm the issue as a vulnerability, we will open a Security Advisory on +github and give credits for your report if desired. We follow the coordinated +vulnerability disclosure model and will define an appropriate disclosure +timeline together with you.
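Review bot: In the "Reporting a Vulnerability" section, the e-mail path (security@isar-build.org) gives reporters no way to encrypt a report end to end, so consider publishing an OpenPGP key fingerprint next to the address or stating that the advisory form at https://github.com/ilbers/isar/security/advisories/new is the preferred channel for sensitive details. The follow-up instruction "please follow up by email" points at the same mailbox that may not have received the original message, so naming a second contact or pointing to the advisory form as the fallback would make it actionable. Under "Supported Versions", the sentence "Only `master` is supported with security updates." does not say whether fixes are back-ported to earlier releases, which is the question the reply in this thread raises; stating that explicitly would remove the ambiguity. Minor wording: "github" should be "GitHub" in both places, and "give credits" reads better as "give credit".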