* [PATCH master] SECURITY.md: add security policy
@ 2025-02-10 12:17 Ahmad Fatoum
0 siblings, 0 replies; only message in thread
From: Ahmad Fatoum @ 2025-02-10 12:17 UTC (permalink / raw)
To: barebox; +Cc: Ahmad Fatoum
We prefer coordinated vulnerability disclosures, so users can be provided
patch instructions for security issues alongside the vulnerabilities report.
Github handles a top-level SECURITY.md file specially and shows it in
the security tab. Unlike other documentation, this can't be written
in reST, so write it in markdown and adopt this convention.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
SECURITY.md | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000000..476ab3186e04
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+The barebox project does not, at the moment, maintain any longer term
+support branches.
+Please update to new [barebox releases](https://github.com/barebox/barebox/releases)
+as they become available.
+Compatibility with old kernels is maintained over barebox releases.
+
+## Reporting a Vulnerability
+
+Please report security vulnerabilities to security@barebox.org.
+We will work with the reporter to create a fix and to coordinate the disclosure.
--
2.39.5
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-02-10 12:18 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-02-10 12:17 [PATCH master] SECURITY.md: add security policy Ahmad Fatoum
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox