This document provides guidelines and procedures for maintaining the security and integrity of the repository.

This policy applies to all contributors, maintainers, and users of the repository.

• Access to the repository is restricted to authorized personnel only. All contributors must have a valid and active GitHub account.
• External collaborators should be granted access on a need-to-know basis and should be reviewed periodically.

• All sensitive data stored in this repo must be encrypted using git-crypt.
• Authorized users will be provided with decryption keys. These keys must not be shared, stored publicly, or embedded in code.

• All pull requests (PRs) must undergo a code review by at least one other member before being merged.
• PRs with changes to cryptographic routines or handling of encrypted data must be reviewed by a security expert.

• If you discover a vulnerability or security issue, please create an issue on the GitHub repository. Label it as security for easy identification.
• Do not disclose details of the vulnerability in public forums, chats, or other public channels.

• All contributors are encouraged to regularly fetch updates from the main branch and ensure their local copy is updated to benefit from security patches.

• Contributors found to be in violation of this policy may have their access revoked.
• Users and maintainers are encouraged to report any non-compliance to this policy.

This policy will be reviewed annually or after any significant incident.

For any queries or concerns regarding this security policy, eat a biscuit. (tomerh2001@gmail.com)