* [PATCH v1] Add security policy
@ 2025-11-14 16:00 Zhihang Wei
2025-11-14 16:35 ` 'Jan Kiszka' via isar-users
0 siblings, 1 reply; 3+ messages in thread
From: Zhihang Wei @ 2025-11-14 16:00 UTC (permalink / raw)
To: isar-users
Signed-off-by: Zhihang Wei <wzh@ilbers.de>
Signed-off-by: Baurzhan Ismagulov <ibr@ilbers.de>
---
SECURITY.md | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..276db42c
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+Only `master` is supported with security updates.
+
+## Reporting a Vulnerability
+
+Please DO NOT report any potential security vulnerability via a public channel
+(mailing list, github issue, etc.). Instead, create a report via
+https://github.com/ilbers/isar/security/advisories/new or contact the
+maintainers by email at security@isar-build.org. Please provide a detailed
+description of the issue, the steps to reproduce it, the affected versions and,
+if already available, a proposal for a fix. You should receive a response
+within 15 business days. If for some reason you do not, please follow up by
+email to ensure we received your original message.
+
+If we confirm the issue as a vulnerability, we will open a Security Advisory on
+github and give credits for your report if desired. We follow the coordinated
+vulnerability disclosure model and will define an appropriate disclosure
+timeline together with you.
--
2.39.5
--
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/20251114160049.848251-1-wzh%40ilbers.de.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v1] Add security policy
2025-11-14 16:00 [PATCH v1] Add security policy Zhihang Wei
@ 2025-11-14 16:35 ` 'Jan Kiszka' via isar-users
2025-11-19 17:11 ` Baurzhan Ismagulov
0 siblings, 1 reply; 3+ messages in thread
From: 'Jan Kiszka' via isar-users @ 2025-11-14 16:35 UTC (permalink / raw)
To: Zhihang Wei, isar-users
On 14.11.25 17:00, Zhihang Wei wrote:
> Signed-off-by: Zhihang Wei <wzh@ilbers.de>
> Signed-off-by: Baurzhan Ismagulov <ibr@ilbers.de>
> ---
> SECURITY.md | 21 +++++++++++++++++++++
> 1 file changed, 21 insertions(+)
> create mode 100644 SECURITY.md
>
> diff --git a/SECURITY.md b/SECURITY.md
> new file mode 100644
> index 00000000..276db42c
> --- /dev/null
> +++ b/SECURITY.md
> @@ -0,0 +1,21 @@
> +# Security Policy
> +
> +## Supported Versions
> +
> +Only `master` is supported with security updates.
Shall means that there is no back-porting to previous releases, right?
"Security updates will only be provided on top the `master` branch."
> +
> +## Reporting a Vulnerability
> +
> +Please DO NOT report any potential security vulnerability via a public channel
> +(mailing list, github issue, etc.). Instead, create a report via
> +https://github.com/ilbers/isar/security/advisories/new or contact the
> +maintainers by email at security@isar-build.org. Please provide a detailed
> +description of the issue, the steps to reproduce it, the affected versions and,
> +if already available, a proposal for a fix. You should receive a response
> +within 15 business days. If for some reason you do not, please follow up by
> +email to ensure we received your original message.
> +
> +If we confirm the issue as a vulnerability, we will open a Security Advisory on
> +github and give credits for your report if desired. We follow the coordinated
> +vulnerability disclosure model and will define an appropriate disclosure
> +timeline together with you.
Jan
--
Siemens AG, Foundational Technologies
Linux Expert Center
--
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/ee6c4a47-aef9-43ae-b1e0-0002dd826deb%40siemens.com.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v1] Add security policy
2025-11-14 16:35 ` 'Jan Kiszka' via isar-users
@ 2025-11-19 17:11 ` Baurzhan Ismagulov
0 siblings, 0 replies; 3+ messages in thread
From: Baurzhan Ismagulov @ 2025-11-19 17:11 UTC (permalink / raw)
To: isar-users; +Cc: Zhihang Wei, Jan Kiszka
On 2025-11-14 17:35, 'Jan Kiszka' via isar-users wrote:
> > +Only `master` is supported with security updates.
>
> Shall means that there is no back-porting to previous releases, right?
>
> "Security updates will only be provided on top the `master` branch."
Thanks, sent v2.
With kind regards,
Baurzhan
--
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/aR36KoFjT1P-MmfC%40abai.de.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-11-19 17:11 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-11-14 16:00 [PATCH v1] Add security policy Zhihang Wei
2025-11-14 16:35 ` 'Jan Kiszka' via isar-users
2025-11-19 17:11 ` Baurzhan Ismagulov
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox