From: "'Jan Kiszka' via isar-users" <isar-users@googlegroups.com>
To: Zhihang Wei <wzh@ilbers.de>, isar-users@googlegroups.com
Subject: Re: [PATCH v1] Add security policy
Date: Fri, 14 Nov 2025 17:35:51 +0100 [thread overview]
Message-ID: <ee6c4a47-aef9-43ae-b1e0-0002dd826deb@siemens.com> (raw)
In-Reply-To: <20251114160049.848251-1-wzh@ilbers.de>
On 14.11.25 17:00, Zhihang Wei wrote:
> Signed-off-by: Zhihang Wei <wzh@ilbers.de>
> Signed-off-by: Baurzhan Ismagulov <ibr@ilbers.de>
> ---
> SECURITY.md | 21 +++++++++++++++++++++
> 1 file changed, 21 insertions(+)
> create mode 100644 SECURITY.md
>
> diff --git a/SECURITY.md b/SECURITY.md
> new file mode 100644
> index 00000000..276db42c
> --- /dev/null
> +++ b/SECURITY.md
> @@ -0,0 +1,21 @@
> +# Security Policy
> +
> +## Supported Versions
> +
> +Only `master` is supported with security updates.
Shall means that there is no back-porting to previous releases, right?
"Security updates will only be provided on top the `master` branch."
> +
> +## Reporting a Vulnerability
> +
> +Please DO NOT report any potential security vulnerability via a public channel
> +(mailing list, github issue, etc.). Instead, create a report via
> +https://github.com/ilbers/isar/security/advisories/new or contact the
> +maintainers by email at security@isar-build.org. Please provide a detailed
> +description of the issue, the steps to reproduce it, the affected versions and,
> +if already available, a proposal for a fix. You should receive a response
> +within 15 business days. If for some reason you do not, please follow up by
> +email to ensure we received your original message.
> +
> +If we confirm the issue as a vulnerability, we will open a Security Advisory on
> +github and give credits for your report if desired. We follow the coordinated
> +vulnerability disclosure model and will define an appropriate disclosure
> +timeline together with you.
Jan
--
Siemens AG, Foundational Technologies
Linux Expert Center
--
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/ee6c4a47-aef9-43ae-b1e0-0002dd826deb%40siemens.com.
next prev parent reply other threads:[~2025-11-14 16:36 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-14 16:00 Zhihang Wei
2025-11-14 16:35 ` 'Jan Kiszka' via isar-users [this message]
2025-11-19 17:11 ` Baurzhan Ismagulov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ee6c4a47-aef9-43ae-b1e0-0002dd826deb@siemens.com \
--to=isar-users@googlegroups.com \
--cc=jan.kiszka@siemens.com \
--cc=wzh@ilbers.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox