Add project code of conduct and security policy

This commit is contained in:
Sebastian Palencsar
2026-05-31 17:48:55 +02:00
parent 4507023da2
commit 63698709a6
3 changed files with 94 additions and 2 deletions

48
SECURITY.md Normal file
View File

@@ -0,0 +1,48 @@
# Security Policy
## Supported Versions
Security fixes are provided on a best-effort basis for:
- the latest Bearhub release
- the current `main` branch
Older releases may not receive security updates.
## Reporting a Vulnerability
Please do not open public issues for undisclosed security vulnerabilities.
Use one of these channels:
1. GitHub Security Advisories (preferred):
- Go to the repository `Security` tab
- Create a private vulnerability report
2. If advisory reporting is unavailable, contact maintainers directly via GitHub.
Include as much detail as possible:
- affected Bearhub version
- platform details (Arch version, Python version, desktop session)
- reproduction steps
- expected vs. actual behavior
- logs, stack traces, and proof-of-concept (if available)
## Response Process
Maintainers will:
- acknowledge the report as soon as possible
- validate impact and scope
- prepare and publish a fix
- credit reporters where appropriate (if desired)
## Disclosure
Please allow reasonable time for validation and patching before public disclosure.
Once fixed, we will disclose:
- impacted versions
- mitigation/fix guidance
- release references containing the patch