From patchwork Wed Nov 19 17:09:06 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Baurzhan Ismagulov X-Patchwork-Id: 4612 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 19 Nov 2025 18:09:17 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-lf1-f63.google.com (mail-lf1-f63.google.com [209.85.167.63]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 5AJH9Gv9005336 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 19 Nov 2025 18:09:16 +0100 Received: by mail-lf1-f63.google.com with SMTP id 2adb3069b0e04-5943838a6a3sf4291506e87.1 for ; Wed, 19 Nov 2025 09:09:16 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1763572151; cv=pass; d=google.com; s=arc-20240605; b=a3uWUALj6AA3Un8FEzMymlP9gzEYYdo6zlFazyeyhLtTxWtEwTihz/DPmmn9sY6ENP THyprzKU66NVkv3lWiXorChFVzpDz8chx03IH05Hum28Qq53MHKgfm+NmnUkbxa5koZU CcaAU+31NV8RPER/EIDB6Kp37y+HII0B1Qo/F3b1s3DZz5RmZyLq8guVxs8alwYJbxtA +PfkDvf0WscfsU9eu0s2pXYZd5GhY3tdtRp5oYs6tMCQqNy6E0xxIhksxtoCVoH8h8m5 yOVhia9uTo0IAxqP9a3YfJbHO3b9RnKjEN5o14whG5YmyVbpNPm7/dPWReIcrWQcUL4L WA/g== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:mime-version:message-id:date :subject:to:from:sender:dkim-signature; bh=zPyhlgzV14P5Dgb++HGpGaDb17whm9tfatMlQ7heY1U=; fh=Ur9bIMpWTh8IfzR68LL4hNgN1Oe0EKt6vGv8MwOpaC0=; b=aRSPeS5dU+Ao+qHH/EgrGMRc1iVQa8XFM2CTVWt+Y4mL3mmvKX2tR9ESd4k0+qPdpr CU44nqPgmEh7Zz7gnYRUzcVOpvCVAXT3OFcZ2rtHQZ4/dAl9mzEB+eACj1guheuE3uuv TsofRVLaFmnw+itTDD1s8Humh23c73WYVVh4oJ5yaIY6aThzpMIIbB7f7nrZ/qXtflWl aKcQW2tYYVS2RNay6RAvQxfs1WRvjRvC8gCsCONyytOEK2LzC9++FqxllKz8euR4n4j/ R3E3xkHfCPJN4H6zrGlBap2HGsKmEWcYvZ8b2hzWU0cYbsLTA+1N0x/R9+pB3cqLoTSI jJpw==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; spf=pass (google.com: domain of ibr@radix50.net designates 85.214.156.166 as permitted sender) smtp.mailfrom=ibr@radix50.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1763572151; x=1764176951; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:mime-version:message-id:date:subject:to:from :sender:from:to:cc:subject:date:message-id:reply-to; bh=zPyhlgzV14P5Dgb++HGpGaDb17whm9tfatMlQ7heY1U=; b=ahe4Ru+m0ig6FiAXsW61bBd3BiP0tiIepbXWmIuW1e2zOFWPSQZECVfkIuwNWDungP uPNfstOseEtKTeH3QK7RLedY5Z/Y7pNfQg27gWW0EjEqztWCmxhgv+YIvxljOB1PDaFI 2RmtlR8lts6IlQ425fzV1tR7lzBuNPw+ozZMTloypeLFE9ONxf//yZsloCbUd31h7+aj xsDLfu7q3Drf3uZVlS623n2tZpIudHrOBzlJox5X8UhNWT6h/1FwUg4ryZMqjnlHAa2m hDyGjG7hTUWAFAzMFlkd96sEi8tC0uobwG0iLDgWJRiaf5M0j1DCgEh87WvfTkHb2AKJ UNhA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763572151; x=1764176951; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence :x-original-authentication-results:x-original-sender:mime-version :message-id:date:subject:to:from:x-beenthere:x-gm-message-state :sender:from:to:cc:subject:date:message-id:reply-to; bh=zPyhlgzV14P5Dgb++HGpGaDb17whm9tfatMlQ7heY1U=; b=UKNtjtyGl1es/25JVuWr0ya0H6VKEGJvGM5cPgoxqGk9xWDTcYTMsytHKAbb2vdZz/ 1dHkh1tNRFaCNJr/mPr05xD1Ye4qHcMStbD3KvdC3X/ZCBccqduEZCW4g1NLDN/KRc9p 7yYCSAerHXHijS1OB/80p/wEvIHMFG4ERA2aSCiUmfFRBOYa4+nk0v7+F/OI26mFfq4U 6p0uSHeTfFacKZyX8UmYjUGPPJ00bJqUinMNYIYy0RLBN77MiDIse9F719oFHyYSu8uk 9gtUXtgn+jnv9yVh0vOcVXtqH1sduzMT9WKiEjIcbFzdIxZuk+N0G8IDuJrNA0F97IPu QWyQ== Sender: isar-users@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCXPvqHYorMKgh81kW48gTQ+9BjyuSmFB5yMsywakhCRRNdumqzH83tkh7hWDAbVlHUlEF5S8Qg=@isar-build.org X-Gm-Message-State: AOJu0YykobC3J9ha3aRogHrEta9sIvcL77pwGb/+j6xBITsq+oOKxpuv Mn3CF/HFLxrcIT68lByV1YQKHheXAiR2w4qJ1gC91QqXMMjKqW9JJ/fG X-Google-Smtp-Source: AGHT+IHtRMaieXK4IYQR/ssjEcpWg0zW/2E7RI9aE5zmlWKl0ZTC6Vax4fQPmcltz55vCl51d9XYtA== X-Received: by 2002:a05:6512:1251:b0:595:8258:ccc4 with SMTP id 2adb3069b0e04-59584262dcdmr7225941e87.47.1763572150594; Wed, 19 Nov 2025 09:09:10 -0800 (PST) X-BeenThere: isar-users@googlegroups.com; h="Ae8XA+atG1zMh+Gb4Hkw2uHbiWV2bxikDzGU+bX9AMwdGYiP+A==" Received: by 2002:a05:6512:3415:b0:596:9d0f:f9e5 with SMTP id 2adb3069b0e04-5969d0ffadbls128109e87.0.-pod-prod-04-eu; Wed, 19 Nov 2025 09:09:07 -0800 (PST) X-Received: by 2002:a05:651c:31da:b0:37b:ba8d:c0db with SMTP id 38308e7fff4ca-37cc6748a43mr728421fa.4.1763572147553; Wed, 19 Nov 2025 09:09:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1763572147; cv=none; d=google.com; s=arc-20240605; b=R9yq5wIOjoQXueuLXj5cqxE+pFQd4uqh1FY3oaKDQ6D3JahJaJG3A0+vdsWoiYxxq6 /YESC2zQ+WVVWL4LPVZAyIpgHrYRXcZqK7WY/LZjB9aBoIDdehjsrCfWV1D4rx+9wNqj eV7mKv7Npj3r9lqy0Ls2MD8XUO20tWdID7Um+YOt7B38oNY0M++BNI/dWk7TvFh9nwDA 9qnR88JMkxL5WL9LgoJkUKjQh1EqCU8dh4NBQ0jBrPEoqrVUkiiCZXfBqi0j3559InA6 pvqKW9C+gY4JlIJZDoax5Hl6iJQ8VGa6c1r1LI8km4HPab4Ur6nb8GKWoSZKuaZXFgoC /CGA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from; bh=5iZITJk40kBMrPJDWozxPzVseTk1ewoFkAXH49L04Gw=; fh=7tclEdh7YbwSQowgJ6LNq720O7H5HTEaqj22NJWRE2E=; b=kWVF3g0+rmnj9o0+Qe2LmM8dEbphcRnzgvPS7P2zvHFwh4aowDCT7GbWwxAH+GBYB2 lIQv/loFsQiELYqH3lYtoh+jZSPnTOU9Q+4b8YUhqomyfJtmftgkM+YBNkQexTYApIo3 /4IFon+0kf1YKGmmZohDtVSJzcPHi2/WM4A8LAfySAmn69dkILuJcyLCSGkcgIJpSCfy 4EuUx5s7TDyAY4UUapLWtUqWUHD9rA/xWhDkhAqg+n4YPq8xr0ecTNheC4n4+QhVhiL+ 1d9h0kU7bHrgoTi8jh+M172SjFV48l1mkfZKRXTEnUkh8moCdCXB2JP6PMSxIVrYx2iM /9Qg==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of ibr@radix50.net designates 85.214.156.166 as permitted sender) smtp.mailfrom=ibr@radix50.net Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166]) by gmr-mx.google.com with ESMTPS id 38308e7fff4ca-37b9cec7909si3682151fa.7.2025.11.19.09.09.07 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Wed, 19 Nov 2025 09:09:07 -0800 (PST) Received-SPF: pass (google.com: domain of ibr@radix50.net designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166; Received: from abai.m.ilbers.de ([88.130.203.42]) (authenticated bits=0) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPA id 5AJH96j7005330 for ; Wed, 19 Nov 2025 18:09:06 +0100 From: Baurzhan Ismagulov To: isar-users@googlegroups.com Subject: [PATCH v2] Add security policy Date: Wed, 19 Nov 2025 18:09:06 +0100 Message-Id: <20251119170906.1342632-1-ibr@radix50.net> X-Mailer: git-send-email 2.39.5 MIME-Version: 1.0 X-Spam-Status: No, score=-4.6 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-Original-Sender: ibr@radix50.net X-Original-Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of ibr@radix50.net designates 85.214.156.166 as permitted sender) smtp.mailfrom=ibr@radix50.net Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= From: Zhihang Wei Signed-off-by: Zhihang Wei Signed-off-by: Baurzhan Ismagulov --- SECURITY.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..2ba12ff8 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions + +Security updates will only be provided on top of the `master` branch. + +## Reporting a Vulnerability + +Please DO NOT report any potential security vulnerability via a public channel +(mailing list, github issue, etc.). Instead, create a report via +https://github.com/ilbers/isar/security/advisories/new or contact the +maintainers by email at security@isar-build.org. Please provide a detailed +description of the issue, the steps to reproduce it, the affected versions and, +if already available, a proposal for a fix. You should receive a response +within 15 business days. If for some reason you do not, please follow up by +email to ensure we received your original message. + +If we confirm the issue as a vulnerability, we will open a Security Advisory on +github and give credits for your report if desired. We follow the coordinated +vulnerability disclosure model and will define an appropriate disclosure +timeline together with you.