Add release metadata, about panel, and repo policies
This commit is contained in:
40
SECURITY.md
Normal file
40
SECURITY.md
Normal file
@@ -0,0 +1,40 @@
|
||||
# Security Policy
|
||||
|
||||
## Supported Versions
|
||||
|
||||
This repository is currently in an early alpha stage.
|
||||
|
||||
Security fixes are expected on:
|
||||
|
||||
- the current `main` branch
|
||||
- the newest tagged pre-release, when one exists
|
||||
|
||||
Older snapshots may not receive backported fixes.
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
Please do **not** open a public issue for a suspected security problem before
|
||||
the maintainer has had a chance to assess it.
|
||||
|
||||
Preferred process:
|
||||
|
||||
1. Report the issue privately through your forge's private reporting workflow, if available.
|
||||
2. If private reporting is not available, contact the maintainer through the repository owner profile first.
|
||||
3. Include:
|
||||
- affected version or commit
|
||||
- reproduction steps
|
||||
- impact
|
||||
- any workaround, if known
|
||||
|
||||
## Scope
|
||||
|
||||
Relevant security reports include:
|
||||
|
||||
- credential or token leakage
|
||||
- unsafe network handling
|
||||
- update or packaging integrity issues
|
||||
- sandbox, entitlement, or macOS permission mistakes
|
||||
- malicious or unintended code execution paths
|
||||
|
||||
Reports that are only stream-quality, broken station metadata, or ordinary
|
||||
playback bugs should go through the normal issue tracker.
|
||||
Reference in New Issue
Block a user