Add SECURITY.md (#3655)

Thomas Lauf 2024-10-21 21:16:25 +02:00 committed by GitHub
parent 3e20ad6f6f
commit 4bf6144daf
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

13
SECURITY.md Normal file

@ -0,0 +1,13 @@
# Security
To report a vulnerability, please contact [dustin@cs.uchicago.edu](mailto:dustin@cs.uchicago.edu), you may use GPG public-key D8097934A92E4B4210368102FF8B7AC6154E3226 which is available [here](https://keybase.io/djmitche/pgp_keys.asc?fingerprint=d8097934a92e4b4210368102ff8b7ac6154e3226).
Initial response is expected within ~48h.
We kindly ask to follow the responsible disclosure model and refrain from sharing information until:
1. Vulnerabilities are patched in Taskwarrior + 60 days to coordinate with distributions.
2. 90 days since the vulnerability is disclosed to us.
We recognise the legitimacy of public interest and accept that security researchers can publish information after 90-days deadline unilaterally.
We will assist with obtaining CVE and acknowledge the vulnerabilities reported.
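
Review bot: The two embargo conditions in the numbered list (items 1 and 2 under "refrain from sharing information until:") do not say how they combine, so a reporter cannot tell whether to wait for both or for whichever comes first. Item 1 ("patched in Taskwarrior + 60 days") can run well past the 90 days in item 2, while the next sentence treats 90 days as the point after which unilateral publication is accepted. Suggest stating the rule explicitly, for example by saying that the 90-day limit is the upper bound regardless of patch status, if that is the intent. Separately, the reporting line names a single personal mailbox as the only channel, and "Initial response is expected within ~48h" depends on that one person being reachable; a second contact or a fallback channel would make the commitment easier to keep. The first sentence is also a comma splice ("..., you may use GPG public-key ...") and would read better split in two.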