mirror of
https://github.com/qTox/qTox.git
synced 2024-03-22 14:00:36 +08:00
feat(docs): Add a security policy for disclosing vulnerabilities
This commit is contained in:
parent
4f9ca0a411
commit
a99735d0e0
22
SECURITY.md
Normal file
22
SECURITY.md
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
# Security Policy
|
||||||
|
|
||||||
|
## Supported Versions
|
||||||
|
|
||||||
|
The latest release of qTox is supported. Any security fix will be added to a new
|
||||||
|
version on top of it.
|
||||||
|
|
||||||
|
## Reporting a Vulnerability
|
||||||
|
|
||||||
|
Please report vulnerabilities by Tox to
|
||||||
|
[anthonybilinski](tox:AC18841E56CCDEE16E93E10E6AB2765BE54277D67F1372921B5B418A6B330D3D3FAFA60B0931)
|
||||||
|
and [sudden6](tox:7FA177896407DACE01A1C1E5A56445E839280AE1B2520146C9473B4DA04B774257E7E30F871F).
|
||||||
|
If that's not an option, please email [me@abilinski](mailto:me@abilinski.com) with GPG fingerprint `7EB3 39FE 8817 47E7 01B7 D472 EBE3 6E66 A842 9B99` and [sudden6@gmx.at](mailto:sudden6@gmx.at) with GPG fingerprint `DA26 2CC9 3C0E 1E52 5AD2 1C85 9677 5D45 4B8E BF44`.
|
||||||
|
|
||||||
|
We should get back to you within a week. If the vulnerability is qTox specific
|
||||||
|
and accepted, there should be a new release addressing the vulnerability within
|
||||||
|
a couple of weeks. If we disagree with the vulnerability analysis, we will
|
||||||
|
answer explaining our reasoning.
|
||||||
|
|
||||||
|
If the vulnerability is related to a dependency of qTox, we will follow the
|
||||||
|
disclosure policy of that project. If a fix from the project isn't imminent and
|
||||||
|
it's possible, we will mitigate the issue in qTox.
|
Loading…
Reference in New Issue
Block a user