From patchwork Fri Nov 14 16:00:49 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zhihang Wei X-Patchwork-Id: 4593 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Fri, 14 Nov 2025 17:01:07 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-wm1-f62.google.com (mail-wm1-f62.google.com [209.85.128.62]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 5AEG17Bs010720 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Fri, 14 Nov 2025 17:01:07 +0100 Received: by mail-wm1-f62.google.com with SMTP id 5b1f17b1804b1-475c422fd70sf14531055e9.2 for ; Fri, 14 Nov 2025 08:01:07 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1763136062; cv=pass; d=google.com; s=arc-20240605; b=lXyn5sGe22J+ZPnvaeHdgWhZqJMspCOGY2cOuVUAEsRj1an9sUXNboXiw58kquX88b L0Hyh0SaNh6LGB3ra7F4o/qfA9dJlsyRWfFfFwr2gsrstFyFDg1g7/bjkuukN+2XS/5W xW3IK3Wmui6tyG6muVDA4hgVJQQddFuRJ5z/71OKHVxlLufElneBrlArTGL4YPHH3XDz A/CdiOTj+BPYUu7DOClAeos1BAoZnvbrBGlXpHmWwMi39OeE1cllP2bgHHAZp1Lt2DZt oQBjA9O8bjsWEJD2+ry4szEyp3qCxyAIa+BtoqQH+/+hrvSUt8qG7hDQM75E6RlESzL9 msfA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:mime-version:message-id:date :subject:to:from:sender:dkim-signature; bh=WPDchBddJ6fVsJDQkWkLtpGMRlmooEmnqt6hzn+/A6M=; fh=/B8ChKLcuFkCBQ+kVZ+huFkT0t7V2pxttfDBEZs54ck=; b=CE3MRLOVJaQxT2xkVfwfhEMFcagiMSXNOnIErFJcPDeZKvhEu++0LlZTVp+JvTO4lg q5wp/8s1EYxAhTLNi+80+CaZjuipeyUKgBHwVbXCAj1Eh9UuEo0NsrRG4M8fBli0r5Mj IfwEQaFkGrWT+1m4u8XI0UbRw9k+yMyw9NoxRJhJwAhh3g+SCAAhvQP3IcSLa6wQiglC uOLFMGXUYGvmMsXc5ekBB16s18UeDRT4c7uXbSIRa9PL6DWrwmOmGC0aSyMiH/+BS92A o8G2gFuXciaAfdxeGKhTvlPd6FPFNwZmLC0SHq0VtLa8M8GSHTuAmsM/D0RIv3HvG41A ifmg==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; spf=pass (google.com: domain of wzh@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=wzh@ilbers.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1763136062; x=1763740862; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:mime-version:message-id:date:subject:to:from :sender:from:to:cc:subject:date:message-id:reply-to; bh=WPDchBddJ6fVsJDQkWkLtpGMRlmooEmnqt6hzn+/A6M=; b=G5YSaTGwYiHzz64aQTNn0CPKu+J88mdP62TwQZ/sIU9pQCfwT5Q8WYj/f8Ozw0j/GF RQEM6MGIuzrbHnFU6emsFB7xYFxx9Ka9RR7eT8uQRndkxhM6qeBtRXKMketNKBYJsIfY EimNIXAnYi+75GZUj9NKP40GkJconaKxDGkAHfl08hvthND64EVky09TXPSzF4TUgrSx gX+Ine6PtnCrmyWD/h+nIkrXKlf5WufVXx3n+hLUF8KBxybIw6u3sMUvXK/QbW5ht4hp EvWdPc1z9D4GPKD9VqMKuJApOr3XHgRZVDjeU4CG1Ae+bB44aidAVeYzAmFTwTkEND5e WFqg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763136062; x=1763740862; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence :x-original-authentication-results:x-original-sender:mime-version :message-id:date:subject:to:from:x-beenthere:x-gm-message-state :sender:from:to:cc:subject:date:message-id:reply-to; bh=WPDchBddJ6fVsJDQkWkLtpGMRlmooEmnqt6hzn+/A6M=; b=Ujk0PxbPlGJCgxDyjwWLlG+VCh8AJo2E7yW5GRBXmLeyN7pFuBxkc/b39y2t9eDTWF HWLy+/GF6cvZSgmIf2lKGxt1ksIqokYTlSdycCgUSp4/jX1g3Y9iSPhXve7bW3p8u+U4 PcHzpquqSU0LnFPlyq+DDDUB4E5uqtWqkNoSpbv0E0lAceBxN04bUABn8h3I+VWMdMcy gCoUPkpOePmIk/tpQhRRtO1EPi8WtNl+DNHBGfdy4dBK2U9r+wQ0IUO+E0S1Tlp7+Lpc WKgXt6V7M04fiXpGkJE5Qg9H+WIThezS017hNE0zNjBrisRgeQRMcgOXbLAXhXH4uvgO Uo6g== Sender: isar-users@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCU9g2A6CYyfB0aaqnyVlEBDEonFPjKq2XJj6td0LFJvekaA1DpzlxL7EUMikrh5ouKpZtFP/v0=@isar-build.org X-Gm-Message-State: AOJu0YyLouNqVQkw0EGUPmTnX2XwD6I/YVZ5DCXr7q7Juf489SU4UQHs o5yvFgv8BuYV8wd89ONsGJ37i2H/xiZa2Kn8xyKlsY6VynX8zy+dXp0L X-Google-Smtp-Source: AGHT+IHpmNpXj1p4ysaPzJO/W+PwltpliDuLzLxNDZJIDgSb5rMyw69vRcxjQjzK/F5BRjXfx2K1LA== X-Received: by 2002:a05:600c:1f87:b0:471:1435:b0ea with SMTP id 5b1f17b1804b1-4778fe795b0mr32983455e9.24.1763136060050; Fri, 14 Nov 2025 08:01:00 -0800 (PST) X-BeenThere: isar-users@googlegroups.com; h="Ae8XA+ZXkV9puF6cJuCwqCzF17+/A05FwCBu7qO+7C2F97dUzw==" Received: by 2002:a05:600c:34d2:b0:477:612f:4953 with SMTP id 5b1f17b1804b1-4778be38a71ls14919645e9.2.-pod-prod-09-eu; Fri, 14 Nov 2025 08:00:57 -0800 (PST) X-Received: by 2002:a05:600c:1f10:b0:477:8b77:155e with SMTP id 5b1f17b1804b1-4778fe4a046mr33167315e9.15.1763136057062; Fri, 14 Nov 2025 08:00:57 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1763136057; cv=none; d=google.com; s=arc-20240605; b=gUZSruLN/FouMm9fefGNFaMCwIbb8KlbxMXONadkbiBzfYJkEYiFJ1gdXriBA8vrks 1twrJsVeEsSmSrWahhoxKAQRM4v/KLAlcWRrbdBxbb2hp3zw1bnMEn76+2JL04KYL+To 2RW7hWKPIqw21nBx27RoHzvHxp2mEFWg7I4t8P+x4fSmXKLrHnIqVraGOuOwA+IhfyVQ C/Mbr/EYISEBCmiJu4q1KCsTY08GqNIBihxooJB7DScfihW/7kLH/5llJJRQH7XRjADJ d+hVBXNDF2MCxfvTvWIgEXa3vo3/qI5MTfm0TbTM7ghg++ze9UG0Tsdt2nV5hjeqseNE jKpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from; bh=rsfF+Nw1GbeM0I7p3EOYr1582K1u92kP0agfsayDv3c=; fh=7tclEdh7YbwSQowgJ6LNq720O7H5HTEaqj22NJWRE2E=; b=fEReqbONBF2dC0tub6EftzvwAMiutQhfAl/c0/MddlSvd/NIxRFQbdcbgGO3c3UQMM 5ane96P4WiEy9OyOvUo237kxKc5Py4YgN7sTQxh7rXSFG0x3h+Yoo8jAGKrTWXz7VZG+ i88dHG/VVkiWpCk/lLsHSEifpLRNNAIvQTWSQY0jp6XzGbAywSKXLaecHtpPEbNXpqh4 6jbEnurDQlqCqMNIC1QN5AC3YrT0jaj5QN9w2o+jLR9eIhW9QboveXUgkwXo8hN9b1d6 U63v7WLm6F2e640WlzBuS7sNiMAhKhsQx2vSbCZzO2xDgAnYFR+hygYmgGMh/vcmmkNh pSSQ==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of wzh@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=wzh@ilbers.de Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166]) by gmr-mx.google.com with ESMTPS id 5b1f17b1804b1-4778c62eb04si893595e9.0.2025.11.14.08.00.55 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Fri, 14 Nov 2025 08:00:55 -0800 (PST) Received-SPF: pass (google.com: domain of wzh@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166; Received: from debian-zwei.m.ilbers.de ([88.130.203.42]) (authenticated bits=0) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPA id 5AEG0na2010715 for ; Fri, 14 Nov 2025 17:00:55 +0100 From: Zhihang Wei To: isar-users@googlegroups.com Subject: [PATCH v1] Add security policy Date: Fri, 14 Nov 2025 17:00:49 +0100 Message-Id: <20251114160049.848251-1-wzh@ilbers.de> X-Mailer: git-send-email 2.39.5 MIME-Version: 1.0 X-Spam-Status: No, score=-4.6 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-Original-Sender: wzh@ilbers.de X-Original-Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of wzh@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=wzh@ilbers.de Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Signed-off-by: Zhihang Wei Signed-off-by: Baurzhan Ismagulov --- SECURITY.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..276db42c --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions + +Only `master` is supported with security updates. + +## Reporting a Vulnerability + +Please DO NOT report any potential security vulnerability via a public channel +(mailing list, github issue, etc.). Instead, create a report via +https://github.com/ilbers/isar/security/advisories/new or contact the +maintainers by email at security@isar-build.org. Please provide a detailed +description of the issue, the steps to reproduce it, the affected versions and, +if already available, a proposal for a fix. You should receive a response +within 15 business days. If for some reason you do not, please follow up by +email to ensure we received your original message. + +If we confirm the issue as a vulnerability, we will open a Security Advisory on +github and give credits for your report if desired. We follow the coordinated +vulnerability disclosure model and will define an appropriate disclosure +timeline together with you.