Project: Proxmox Enhanced Configuration Utility (PECU)
Repository: Danilop95/Proxmox-Enhanced-Configuration-Utility
License: GPL-3.0
Last updated: May 11, 2026
PECU is a Bash/Linux utility that can modify Proxmox host configuration as root. Treat every release as privileged system software: review the code, keep out-of-band console access, and test changes outside production first.
This policy covers first-party files in this repository:
src/proxmox-configurator.shscripts/pecu_release_selector.shsrc/tools/templatectl.shsrc/tools/renderers/qm.shtemplates/.github/workflows/- project documentation
Third-party software such as Proxmox VE, Debian, kernel modules, GPU drivers,
jq, yq, shellcheck, Python packages, and GitHub infrastructure is out of
scope and should be reported upstream.
Security fixes target the current main branch and the latest published Stable
release when a fix can be backported safely. Older tags and experimental/beta
release channels are best-effort only.
Preferred method:
- Open the repository Security tab on GitHub.
- Choose Report a vulnerability.
- Include affected version/tag, affected file, reproduction steps, expected behavior, actual behavior, and impact.
If GitHub Security Advisories are unavailable, contact the maintainer through the public GitHub profile and request a private disclosure channel. Do not file public issues for exploitable vulnerabilities until coordinated disclosure is agreed.
This is a small open-source project. Response is best-effort, not a guaranteed SLA. The maintainer will try to acknowledge credible reports promptly, triage impact, prepare a fix, and publish a release note or advisory when appropriate.
The release workflow is expected to publish:
- a
PECU-<version>.tar.gzbundle containing the runnable project structure SHA256SUMSfor release assets
Verify checksums when they are present:
sha256sum -c SHA256SUMSThis repository does not currently claim GPG-signed release assets or a published project signing key. Do not rely on old documentation or third-party copies that claim otherwise unless the release page explicitly provides those artifacts.
- Prefer tagged releases over running the moving
mainbranch. - Read scripts before running them as root.
- Keep backups and console/IPMI access before changing bootloader, VFIO, or initramfs configuration.
- Use
src/tools/templatectl.sh apply --dry-runbefore creating VMs from YAML templates. - Run local validation before contributing:
scripts/validate_repo.shSecurity-sensitive changes should be reviewed carefully when they touch:
- command execution from YAML/template input
- release selector downloads or telemetry
/etc/modprobe.d/*.conf/etc/modules-load.d/*.conf/etc/default/gruband/etc/kernel/cmdline- VFIO device ID selection and SR-IOV PF/VF handling
- GitHub Actions release packaging