[PATCH master] SECURITY.md: add security policy
Ahmad Fatoum
a.fatoum at pengutronix.de
Mon Feb 10 04:17:26 PST 2025
We prefer coordinated vulnerability disclosures, so users can be provided
patch instructions for security issues alongside the vulnerabilities report.
Github handles a top-level SECURITY.md file specially and shows it in
the security tab. Unlike other documentation, this can't be written
in reST, so write it in markdown and adopt this convention.
Signed-off-by: Ahmad Fatoum <a.fatoum at pengutronix.de>
---
SECURITY.md | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000000..476ab3186e04
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+The barebox project does not, at the moment, maintain any longer term
+support branches.
+Please update to new [barebox releases](https://github.com/barebox/barebox/releases)
+as they become available.
+Compatibility with old kernels is maintained over barebox releases.
+
+## Reporting a Vulnerability
+
+Please report security vulnerabilities to security at barebox.org.
+We will work with the reporter to create a fix and to coordinate the disclosure.
--
2.39.5
More information about the barebox
mailing list