We prefer coordinated vulnerability disclosures, so users can be provided patch instructions for security issues alongside the vulnerability report. GitHub handles a top-level SECURITY.md file specially and shows it in the security tab. Unlike other documentation, this can't be written in reST, so write it in markdown and adopt this convention. Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx> --- SECURITY.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000000..476ab3186e04 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,14 @@ +# Security Policy + +## Supported Versions + +The barebox project does not, at the moment, maintain any longer term +support branches. +Please update to new [barebox releases](https://github.com/barebox/barebox/releases) +as they become available. +Compatibility with old kernels is maintained over barebox releases. + +## Reporting a Vulnerability + +Please report security vulnerabilities to security@xxxxxxxxxxx. +We will work with the reporter to create a fix and to coordinate the disclosure. -- 2.39.5
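
Review bot: In the "Reporting a Vulnerability" section, the policy gives only an e-mail address and says nothing about what a report should contain, whether details should stay off the public mailing list and issue tracker until disclosure, or when a reporter can expect an acknowledgement. Since the commit message aims at coordinated disclosure, consider adding a sentence asking reporters not to post details publicly before a fix is agreed, a short list of what to include (affected release or commit, board or configuration, reproduction steps), and a rough response time. In "Supported Versions", "does not, at the moment, maintain any longer term support branches" leaves implicit that security fixes land only in the newest release; stating that outright would make the section answer the question its heading poses.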