From: Peter Sanchez
To: ~netlandish/links-dev@lists.code.netlandish.com
Cc: Peter Sanchez
Subject: [PATCH links] Adding SECURITY.md so the user base has the information they need to report any security specific issues they may discover.
Date: Mon, 28 Apr 2025 18:46:27 -0600
Message-ID: <20250429004631.25510-1-peter@netlandish.com>

Changelog-added: SECURITY.md to help ensure that security vulnerabilities are reported responsibly.
--- SECURITY.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..41cde26 --- /dev/null +++ b/SECURITY.md
@@ -0,0 +1,28 @@ +# Security Policy + +## Supported versions + +Only the latest stable version is supported. + +## Reporting a vulnerability + +Preferably, [send an email to the security mailing list](mailto:~netlandish/security@lists.code.netlandish.com). This is an admin only list so it's not publicly visible. + +You can also email directly to +[peter@netlandish.com](mailto:peter@netlandish.com). + +You can use [the following GPG key](https://petersanchez.com/publickey.txt) to +encrypt your message if you'd like. + +**Please do not publicly post this report anywhere else.** This is so we have +time to correct the issue before the bad guys start to abuse it. + +## Steps to reproduce + +Please include all steps to reproduce the vulnerability and any code specific +line numbers, etc. if you have them. + +## security.txt + +This information is also available in +[/.well-known/security.txt](https://linktaco.com/.well-known/security.txt) -- 2.47.2
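Review bot: Under "Reporting a vulnerability", the GPG key is given only as a link to https://petersanchez.com/publickey.txt, with no fingerprint in the file, so a reporter has nothing in the repository to check the downloaded key against; consider adding the full fingerprint next to the link. The same paragraph does not say which address an encrypted report should go to: the preferred channel is the admin-only security list, but the key is hosted on a personal domain, so if it is a personal key, a message encrypted with it and sent to the list would be readable only by that key's holder. Stating "encrypted reports should be sent to the direct address" (or publishing a key the list admins share) would remove the ambiguity. The "do not publicly post" request would also be easier to follow if the policy said how soon a reporter can expect an acknowledgement. Minor wording: "any code specific line numbers, etc." in "Steps to reproduce" reads more clearly as "the relevant file and line numbers".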