| Version | Supported |
|---|---|
| v0.1.x | ✓ (current, alpha) |

PyreWire is an early-stage alpha project. We do our best to address security issues promptly, but please be aware that maintenance resources are limited at this stage of development.
Please do not open public GitHub issues for security vulnerabilities.
To report a security vulnerability, send an email to:
Use the subject line prefix [SECURITY] so we can route your report correctly.
Your report should include:
- A clear description of the vulnerability
- Step-by-step reproduction instructions
- The potential impact or attack scenario
- Any suggested mitigations (optional)
Given our alpha-stage team size, our response times are:
- Initial acknowledgment: within 48 hours of your report
- Initial assessment: within 7 days
We will keep you informed as we work through the issue.
We follow a coordinated disclosure model:
- You and the maintainers collaborate privately during a 90-day window to develop and release a fix.
- After 90 days (or sooner if a fix is released), the vulnerability is publicly disclosed.
- We will credit the reporter in the disclosure unless you prefer to remain anonymous.
If extenuating circumstances require an extension, we will discuss this with you directly.
This security policy covers only the PyreWire Python wrapper code (this repository).
If you discover a vulnerability in the upstream wirelog dataflow engine, please report it directly to the wirelog project:
👉 https://github.com/semantic-reasoning/wirelog
We do not currently provide a PGP key for encrypted communication. At the alpha stage, email via the address above is sufficient. If you require encrypted communication, please mention this in your initial email and we will work something out.