From 894cceb654a9c6c9deabdde2d1b598336e970649 Mon Sep 17 00:00:00 2001 From: Simone Carletti Date: Fri, 23 Aug 2019 10:45:16 +0200 Subject: [PATCH] Create SECURITY.md --- SECURITY.md | 101 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 101 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..25c27fed --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,101 @@ +# Security Policy + +## Supported Versions + +Security updates are provided only for the current minor version. + +If you are using a previous minor version, we recommend to upgrade to the current minor version. +This project uses [semantic versioning](https://semver.org/), therefore you can upgrade to a more recent minor version without incurring into breaking changes. + +Exceptionally, we may support previous minor versions upon request if there are significant reasons preventing to immediately switch the latest minor version. + +Older major versions are no longer supported. + + +## Reporting a Vulnerability + +To make a report, please email weppos@weppos.net. + +Please consider encrypting your report with GPG using the key (0x420da82a989398df)[https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x420da82a989398df] + +``` +-----BEGIN PGP PUBLIC KEY BLOCK----- + +xsBNBE/QiI0BCACtBbjJnJIzaLb4NfjaljzT/+dvodst+wyDRE8Vwc6ujwboZjr2 +0QwXScNzObPazyvkSZVh3g6PveneeSD0dSw2XDqKbbtLMg/Ss12yqXJfjavH/zjk +6Xq+nnbSnxBPzwFAAEaEFIc6H6BygJ7zHPP5WEY5QIMqifEAX//aBqHi4GXHJiHE +237Zqufdry23jBYjY7wGXAa11VsU9Iwqh6LPB9/hc1KtzjAuvvm5ufeT/iVjxGQX +te1OZZk6n8xSVYeLsn97PfgYs0yauhexwD9dG7FbRCB379JxPRn5akr391qXcVOG +ZA3yBXUSPOL6D1+TS1S0su5zbw2AEp4+z3SpABEBAAHNIlNpbW9uZSBDYXJsZXR0 +aSA8d2VwcG9zQGdtYWlsLmNvbT7CwHcEEwEKACEFAlXH0UQCGy8FCwkIBwMFFQoJ +CAsFFgIDAQACHgECF4AACgkQQg2oKpiTmN9BOQf/UHd+bmww71MkbS38KkowDu+0 +1VH35aL8sFcAMUSEA4I5oPWZoBtYYPGpALLxtrSNW+SCnmmeCQVfVmLedUVHwDZo +TS4qiynpqnz+Cnq4KRC8VMIyaFoiT5Vg6MLtau8hJtqZn1Wv68g0nXuprsCuf9vs +z7DDZ36z8em6OJQJQ/FQ4BGogzyYHa90cJnIM6BeLiRUUpFTl1tHLlw4JFUNi8sx +6VQ1/nhcr3OyskAix5TytRnJ8uIn22m25GGdTF2WQPNfkWJQVT4ZDbCxT20acRp0 +l3x1DAk3Eel8gOKzgOboB3bkI5/l1XZvNL0YWGZeyfp8I7ZqpXg/m4qLDkYU2cLA +egQTAQoAJAIbLwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAUCVf6KvAIZAQAKCRBC +DagqmJOY34ABB/9WbNAh0l07UN1ePfVm6Brg2Yt8k6Q2lIRUG2xAeQj/+Kx/4lAL +oY6F0jJ44kIDZqZdNA0QIqYzZRBV4iW+cQrsBUUyM+chiA3RuOsDG18sfvkyPvRy +ecOVubHCN+nK2GKy1oHQkCpVFIeetr0ugB/j+xNDKJ3Oa5dGBKF29ZH5Pxg7cqwH +cdkhBGMpPbBYq5pJtYGggqypELzFTG292StbtV837Eze+clWRTKtMBOHke/oKBCr +YYic2fmipGC9XUiqvMEMAKYq5WWWXIlcSVSnBDdxq41tXjKK4XMVgoOboZCcNFvh +0NxuDQATk1YruRZOS4SpBPXykEA1pK/zm3WmzSNTaW1vbmUgQ2FybGV0dGkgPHdl +cHBvc0B3ZXBwb3MubmV0PsLAeQQTAQIAIwUCT9CIjQIbLwcLCQgHAwIBBhUIAgkK +CwQWAgMBAh4BAheAAAoJEEINqCqYk5jfGWcH/Ax3EhAckGeCqNYE5BTx94bKB1LL +vUjeUoImMtGGFxQu2jNOAjtpuyjihm9uHBZ+dxaxHHrhE11f+0sDcwvW8qtKEzOs +GESr01VqTaVFS2JOEHhLphXseaLXJe32Osz0kHCZmrz1fCwv3b8QuWBifn8oVzcV +vrE7lGC6pGwaiUvMsvA++RUquTlNVlh8uRrqcQCU8Ne9lSoDWHlUJes5s4FoCh3R +oVBcKPsx3m/P9+GlEgTDqYP+WU3sfSfJYERH0r0NAYP96m2e7UQrqdgvMTVVDkPB +UB9efZzgkL7u9IAqmLU2klSGdEZnJ8t1AsjEyHXMztC7ICUhRFCeXHdTNhHCwHwE +EwEKACYCGy8HCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAUCVcfRaQIZAQAKCRBC +DagqmJOY31y1B/41I/SsWwDqJP/Y3LzzatGmIv/gy+LkJBBTr/NV0NYzKV2XJ1BG +ese2ZE4tKKdG4HDwF+IwFLBHcPZRv358IwwTRPnzeO23mxpTYAnRCdg/pcaYIJ9r +OxIOP+R52YbgGrNKcezVA+7TY9za072P7Bk85jTM2FNfqevaf/YQ4GRcGLQ3JI8N +tBUdvrOEETDpR0QFTr22Wv1C7UfPDsSf7ZUM7zJ38CmDji8JSlr6y75/LYSY50BB +8EHb03QxyePe98A3WzvOoqamiCIe9bRzH5IqRAtJYDX8cK4PZmp43bQhrjdjawCc +AU/OY9iz+zCw00+b6CNiRb59N+OwpNJh5iNNwsB5BBMBCgAjAhsvBwsJCAcDAgEG +FQgCCQoLBBYCAwECHgECF4AFAlX+iq0ACgkQQg2oKpiTmN/z2gf/VbcQHgTlXFYa +Sq/dE7S54uGFrdzHOV3IJyl+ByMwVoKn6zdpksRoyt7jPV3RonrUO7jEcrt7VKCU +2KC7/MZMDoUsn9BXXTtUk+uTCNh8qllR0Fo/FvWM9RJKmcDMKwAJwcKIgbfUBJGx +1N6pP2DUc+YCnEerRbnQ1DWJUM7BaOEN6bvPxuGblPst1l6S5VktFj3gZGYItHrs +pit5pesILP8K6B6VCNP2WXXYvYQo7yyYcG8WBWXin8/SdNwU68lUbfhhQVIKv6LU +h0wvgG97NsBPrFbij0K6O63FufnNr9WLMZhAzi0h6gNK2HKAyw9AZNKpPccwg+mX +Huc/4CPRlM0uU2ltb25lIENhcmxldHRpIDxzaW1vbmUuY2FybGV0dGlAZG5zaW1w +bGUuY29tPsLAdwQTAQoAIQUCVh4ipAIbLwULCQgHAwUVCgkICwUWAgMBAAIeAQIX +gAAKCRBCDagqmJOY329iCACpOY5SV7hwOZ8VqmRfxRoHQFQe9Owr+hD3eL0AKZaJ +V918dCPrrxbAmwwMAC8pS8J4CmrrTR27kxcUgVwcfyydFPrgST5pg+H7UTrBR045 +4Npw1+m99I2Pyyl3oaym4lKJFbp2c2DGODEzTg8kKfjk0cb8bd+MJrXqFyod1z5r +0pfexwaLVt1Hz+ZsmFIPO1ISHYBPV8OkpL8Kgb8WtY6REntgNjfcmtHNi0VWQ7+N +vgeYqdhscX8c9ROe26BiiiGXphRlAsCU/VLHOJkzoW3f9QLy4z01Xj/7OaD0JkHS +HrES1ye3ZDxnjnTRdh4U8ntJ+L+xnePcFQA2t0eCbPwIzSZTaW1vbmUgQ2FybGV0 +dGkgPHNpbW9uZUBjYXJsZXR0aS5uYW1lPsLAdwQTAQoAIQUCVf7gmwIbLwULCQgH +AwUVCgkICwUWAgMBAAIeAQIXgAAKCRBCDagqmJOY37L+B/45pWT3wgm43+kzHVOT +j63m4zmRb53TGZToRSxz3acyuVSuqU9Tv010F0ZV9ccb0NDeN+88s9tEisuoO0Rz +5vhC8AtwRUyR3ADE9pBtvvxT+4R9y8yYNTCIX45VPG9ZPp9+7i+XCdKtz30KIV7r +smktd2FrK16r/KUN8+03iZSgzQ9lsTmXK5L7zH/f3Tqhbfvybr4+M71KGnSoP+iP +vwfsoBb5rhijQLOykTb+VzdDpHQbupwxwm/3S4nsA4U6tonIywlJgBDSjgDjQj0i +Ez+Db2Wt59y6LoksRQogvJqm0nuxFUWMZc47zdhsRnqmxUYTNpKaJPWc6pfxsQPK +ZvTjzsBNBE/QiI0BCACsaNbG6kyKJBWL5jPhebsijk8PCfSHte1jNCA5l/NvaImZ +6ORq9f8S9MWlYxmzyUkVJaWrv+9p5zmjwcaegjerj6ggjPDEXlZG41Z4YE1/R8pf +wkSvrkLziBxZDB1aYplg8kgXkaIf2yi2FrMPSi04sjvQbBSCcIJeh6+vGK8tIJTn +e0tQbEvRorTwBAPAFlpx/bdk1wZYu11vFKbckhKWou7f8XSdn9ng9cY5uK+xBlFU +2ORgL1ygeIoY9uRvNZG2ncvCvxUPgOqbo31R8KPyvV4rNNvGBOfxQER9LbieBF2I +5I1gpyboGWKcXu1eV7tOpjtW6LHt+6NHhE6L1Lw1ABEBAAHCwX4EGAECAAkFAk/Q +iI0CGy4BKQkQQg2oKpiTmN/AXSAEGQECAAYFAk/QiI0ACgkQcBROh493BN9hdwf9 +GjiF1GcQN+3TZkXdr2WY0AlbcA/wBp6+ShnqcoU5XLuA0RY3+rWGuaSc2buLke6Y +2MhMAYcgmPdG+WTBoW5dWQGXBZ1IHYVR8HLGaF+Vate1MofE1BNHXhnilIMMfH4G +Tcr3Z3/FaSk9OdHlyiE/Jo7++8PQ+auHVyjtqry+/ysAnyr+lnCn+K4E0PQ1fYpP +fiawKtfSqk9h6HjjMyx9Adrz+ljXh+NyVqYZUfRytjgO+v+dAQmMczT1EawLTdX+ +trx1tHR549pEey7in5QKsje3GLH4zq4mCdWBlivQxmmmlvR07DysLADMbcpjKK2g +utfzygZHCU9hWGR3wbWZ7lXjB/0ZzutNaNYzSCkiC8PIWH1bG+TJO9pslHwP+aBJ +NGAmcwyOH9Bub2CSXikQFZNUmVRwtl7mN4bVAHI8zbMd6xdlX22yDgQei54dPXDw +UYsvGE4zmrD97he1EYcIOKMFHzlJNcWK+uR7lEq6mv7SFGnBr8qTYZRi1bySRgwd +UORuDV12GKTen9WectKtepW0fgYSz+udbDKQyyRef+7xGtCErWRL7f1qr8xm60da ++gSwyD/WkPTY8SP2mdq4u+6m4dWS26kKoENwuL7jUktl/C/EG7NmUKURbXG8lmeu +q59MIs/Fb3SgaO+zN2FZTYp6dyRJHbeEz55JdOu6F+6ihZYH +=j6Xr +-----END PGP PUBLIC KEY BLOCK----- +``` + +