Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Adds SECURITY.md file with instructions (#5181)
* Adds SECURITY.md file with instructions * Removes trailing whitespace on SECURITY.md * Updates README with link to full security policy * Updates CONTRIBUTING with link to full security policy * Update CHANGELOG with security policy
- Loading branch information
1 parent
5a48bae
commit 1aecfaa
Showing
4 changed files
with
31 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
# Security Policy | ||
|
||
## Supported Versions | ||
|
||
Until we have the version 1.0 we support only the last minor and major | ||
version with security updates. | ||
|
||
| Version | Supported | | ||
| ------- | ------------------ | | ||
| 0.17.x | :white_check_mark: | | ||
| < 0.16 | :x: | | ||
|
||
## Reporting a Vulnerability | ||
|
||
Security is very important to us. | ||
|
||
If you have any issue regarding security, please disclose the information | ||
responsibly by sending an email to security [at] decidim [dot] org and not | ||
by creating a github/metadecidim issue. We appreciate your effort to make | ||
Decidim more secure. | ||
|
||
We recommend to use GPG for these kind of communications, the fingerprint | ||
is `C1BD 8981 D83C 23F9 D419 FE42 149A D0F9 84B9 35C4`. To download our key: | ||
|
||
```bash | ||
gpg --keyserver pgp.key-server.io --recv 84B935C4 | ||
``` |