Re: [PATCH v2] Add security policy

[Zhihang Wei <wzh@ilbers.de>]

Applied to next, thanks.

On 11/19/25 18:09, Baurzhan Ismagulov wrote:
> From: Zhihang Wei <wzh@ilbers.de>
>
> Signed-off-by: Zhihang Wei <wzh@ilbers.de>
> Signed-off-by: Baurzhan Ismagulov <ibr@ilbers.de>
> ---
>   SECURITY.md | 21 +++++++++++++++++++++
>   1 file changed, 21 insertions(+)
>   create mode 100644 SECURITY.md
>
> diff --git a/SECURITY.md b/SECURITY.md
> new file mode 100644
> index 00000000..2ba12ff8
> --- /dev/null
> +++ b/SECURITY.md
> @@ -0,0 +1,21 @@
> +# Security Policy
> +
> +## Supported Versions
> +
> +Security updates will only be provided on top of the `master` branch.
> +
> +## Reporting a Vulnerability
> +
> +Please DO NOT report any potential security vulnerability via a public channel
> +(mailing list, github issue, etc.). Instead, create a report via
> +https://github.com/ilbers/isar/security/advisories/new or contact the
> +maintainers by email at security@isar-build.org. Please provide a detailed
> +description of the issue, the steps to reproduce it, the affected versions and,
> +if already available, a proposal for a fix. You should receive a response
> +within 15 business days. If for some reason you do not, please follow up by
> +email to ensure we received your original message.
> +
> +If we confirm the issue as a vulnerability, we will open a Security Advisory on
> +github and give credits for your report if desired. We follow the coordinated
> +vulnerability disclosure model and will define an appropriate disclosure
> +timeline together with you.

-- 
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/28931056-013c-401f-9f9d-22cfe730a0d9%40ilbers.de.