From 20b9c1fa4ac632d152abdf3d3a3faa364ce2b86c Mon Sep 17 00:00:00 2001
From: Evgeniy Alekseev
Date: Thu, 24 Nov 2022 01:13:55 +0200
Subject: [PATCH] add security notes
---
 .../{bug-report.md => 01-bug-report.md} | 0
 .github/ISSUE_TEMPLATE/02-security-report.md | 20 +++++++++++++++++++
 ...ature-request.md => 03-feature-request.md} | 0
 .../{discussion.md => 04-discussion.md} | 0
 AUTHORS | 4 ++--
 Makefile | 2 +-
 SECURITY.md | 9 +++++++++
 7 files changed, 32 insertions(+), 3 deletions(-)
 rename .github/ISSUE_TEMPLATE/{bug-report.md => 01-bug-report.md} (100%)
 create mode 100644 .github/ISSUE_TEMPLATE/02-security-report.md
 rename .github/ISSUE_TEMPLATE/{feature-request.md => 03-feature-request.md} (100%)
 rename .github/ISSUE_TEMPLATE/{discussion.md => 04-discussion.md} (100%)
 create mode 100644 SECURITY.md
diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/01-bug-report.md
similarity index 100%
rename from .github/ISSUE_TEMPLATE/bug-report.md
rename to .github/ISSUE_TEMPLATE/01-bug-report.md
diff --git a/.github/ISSUE_TEMPLATE/02-security-report.md b/.github/ISSUE_TEMPLATE/02-security-report.md
new file mode 100644
index 00000000..a34d9eeb
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/02-security-report.md
@@ -0,0 +1,20 @@
+---
+name: Security report
+about: Create a report related to security issues
+title: ''
+labels: security
+assignees: ''
+
+---
+
+## Summary
+
+A clear and concise description of what the issue is.
+
+### Steps to reproduce
+
+Steps to reproduce the behavior (commands, environment etc).
+
+### Intended impact
+
+Brief optional description of how this vulnerability can be used and which effects can be achieved.
diff --git a/.github/ISSUE_TEMPLATE/feature-request.md b/.github/ISSUE_TEMPLATE/03-feature-request.md
similarity index 100%
rename from .github/ISSUE_TEMPLATE/feature-request.md
rename to .github/ISSUE_TEMPLATE/03-feature-request.md
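Review bot: The new `02-security-report.md` template opens a public issue, yet its `Steps to reproduce` and `Intended impact` sections ask for exactly the details that should stay private until a fix is released. Nothing in the template body tells the reporter that a private channel exists, so the choice between a public issue and e-mail rests on the reporter having read SECURITY.md first. I would add a line directly under the front matter, for example `<!-- If this issue could leak data or break the system, do not file it here; contact the maintainer privately as described in SECURITY.md. -->`. The template could also ask reporters to keep reproduction details to the minimum needed for triage.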
diff --git a/.github/ISSUE_TEMPLATE/discussion.md b/.github/ISSUE_TEMPLATE/04-discussion.md
similarity index 100%
rename from .github/ISSUE_TEMPLATE/discussion.md
rename to .github/ISSUE_TEMPLATE/04-discussion.md
diff --git a/AUTHORS b/AUTHORS
index 32fa47f7..34845e06 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -1,2 +1,2 @@
-Current developers:
-Evgenii Alekseev aka arcanis
+Current maintainer:
+Evgenii Alekseev
diff --git a/Makefile b/Makefile
index cd7f0c15..aa83906e 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@ PROJECT := ahriman
-FILES := AUTHORS CONTRIBUTING.md COPYING README.md docs package src setup.py tox.ini web.png
+FILES := AUTHORS CONTRIBUTING.md COPYING Makefile README.md SECURITY.md docs package src setup.py tox.ini web.png
 TARGET_FILES := $(addprefix $(PROJECT)/, $(FILES))
 IGNORE_FILES := package/archlinux src/.mypy_cache
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..663d14df
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Supported Versions
+
+The project follows bleeding edge philosophy, thus only the latest version is supported with the exception for release candidates (i.e. tags which are marked with `rc` suffix).
+
+## Reporting a Vulnerability
+
+In the most cases you can report (suspected) security vulnerabilities directly on github by using ["Security report" template](https://github.com/arcan1s/ahriman/issues/new?assignees=&labels=security&template=02-security-report.md&title=). However, if your report could lead to data leak or break the system we kindly ask you to contact [current maintainer](AUTHORS) directly by email.