Security Policy

Supported Versions

Version

Supported

0.9.x

0.8.x

Reporting a Vulnerability

I think it highly unlikely there will be any security vulnerabilities in the near future, since the nature of this project should not see much applications in related fields, but this is still included for compliance with OpenSSF Best Practices standards. Please report as follows:

  • GitHub-native method

    Navigate to the security tab, then click on “Report a vulnerability” in the upper right corner. Comprehensive guidelines should be shown.

  • Via email

    Send me an email.

    If possible, encrypt your message with PGP. The fingerprint is 836B3C7AA3DAC6337F61CD2D2A5943B64B0994DE, and the public key is shown below.

    Always check the key against the fingerprint first in case the former was compromised.

-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEaaqzVBYJKwYBBAHaRw8BAQdAtJbeyQ/4Y1jcnodJifV3ay0Glnlf+37KXRI7
7EmdAzS0JkpvbmF0aGFuIER1bmcgPGpvbmF0aGFuZHVuZ0B5YWhvby5jb20+iLUE
ExYKAF0WIQSDazx6o9rGM39hzS0qWUO2SwmU3gUCaaqzVBsUgAAAAAAEAA5tYW51
MiwyLjUrMS4xMSwyLDECGwMFCYswO+wFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcC
F4AACgkQKllDtksJlN4CggEAhNGp66VgOJIUsD6hn+kX2UgbYnKVg7Nubw2ywztc
Y6cA/07V8UCIfu+aVvXLcfdclK6f+u8l90E+1y3HAn94Ib4NuDgEaaqzVBIKKwYB
BAGXVQEFAQEHQNFneq7FqNnzr7S3nFqowSKvH+C8lKRPRCnWCKWKR/NrAwEIB4ia
BBgWCgBCFiEEg2s8eqPaxjN/Yc0tKllDtksJlN4FAmmqs1QbFIAAAAAABAAObWFu
dTIsMi41KzEuMTEsMiwxAhsMBQmLMDvsAAoJECpZQ7ZLCZTeUssA+gOViN7xSKvA
gNDYS8Hnxzw0EU/5LtxolGz2OXzUNJEfAQCfuMAmgPCcoN0bnrDAwDK+aU90J4tS
O01JPuZoia5kAQ==
=QBAY
-----END PGP PUBLIC KEY BLOCK-----

The creator thanks you for your report in this unfortunate scenario. If you wish not to be acknowledged, please specify in the email.

Please note that reporting such potential exploits, if they are to emerge, via public channels such as the issues tab, is a sure-fire way to notify the attackers (if any), who may then adjust their strategy. Therefore, you should ensure the communication method chosen is secure according to the directions above.