Commit 8f560cf

Basic security policy
1 parent dfb23f5 commit 8f560cf

2 files changed

Lines changed: 36 additions & 0 deletions

SECURITY.md

Lines changed: 25 additions & 0 deletions
@@ -0,0 +1,25 @@
1+
# Security Policy
2+
3+
## Reporting Security Issues
4+
5+
If you discover a security vulnerability in Dfetch, please let us know right away and don't post a public issue.
6+
You can report issues by opening a confidential issue via [GitHub Security Advisories](https://github.com/dfetch/dfetch/security/advisories). See [GitHub's private vulnerability reporting](https://docs.github.com/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability) for more info.
7+
If you have no contact please contact us through the mail listed in the pyproject.toml.
8+
9+
We appreciate your help in keeping Dfetch safe for everyone.
10+
We aim to respond to security reports within 5 business days.
11+
12+
## Supported Versions
13+
14+
We actively maintain and patch the latest release of Dfetch.
15+
Older versions may not receive security updates.
16+
17+
## Disclosure Policy
18+
19+
We ask that you give us a reasonable amount of time to address security issues before public disclosure.
20+
We will keep you updated on our progress and let you know when the issue has been resolved.
21+
22+
## Acknowledgements
23+
24+
Thank you to everyone who helps keep Dfetch secure!
25+
We’re grateful for responsible disclosures and contributions from the community.
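
Review bot: The advisories link in the reporting paragraph points at github.com/dfetch/dfetch, while the existing links in doc/troubleshooting.rst use the dfetch-org owner (github.com/dfetch-org/dfetch/issues); please confirm which owner is correct so that reporters reach this project's advisory form. The fallback sentence "If you have no contact please contact us through the mail listed in the pyproject.toml" is also hard to act on: say what "no contact" means (for example, no GitHub account) and state the address directly in SECURITY.md, so a reporter does not have to search packaging metadata to find the private channel.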

doc/troubleshooting.rst

Lines changed: 11 additions & 0 deletions
@@ -20,3 +20,14 @@ We are glad to help, if you you are stuck, either create an issue_ on github or
2020

2121
.. _issue: https://github.com/dfetch-org/dfetch/issues
2222
.. _gitter: https://gitter.im/dfetch-org/community
23+
24+
Security issues
25+
----------------
26+
27+
If you discover a security vulnerability in *Dfetch*, please let us know right away and don't post a public issue.
28+
You can report issues by opening a confidential issue via `GitHub Security Advisories`_. See
29+
`GitHub's private vulnerability reporting`_ for more info. If you have no contact please contact us through
30+
the mail listed in the pyproject.toml.
31+
32+
.. _`GitHub Security Advisories`: https://github.com/dfetch/dfetch/security/advisories
33+
.. _`GitHub's private vulnerability reporting`: https://docs.github.com/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability)
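
Review bot: The target for `GitHub's private vulnerability reporting` on the last added line ends with a stray `)`, apparently carried over from the Markdown link in SECURITY.md, so the rendered URL will include the parenthesis; drop it. The `GitHub Security Advisories` target also uses github.com/dfetch/dfetch while the unchanged `issue` target just above uses github.com/dfetch-org/dfetch, so the owner should be checked here as well.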
