mirror of
https://github.com/jlengrand/error-prone-support.git
synced 2026-03-10 00:01:20 +00:00
977019c5bf
- Introduce a `./run-full-build.sh` script. - Explicitly mention that users should run this script before opening a pull request. - Emphasize that many build warnings can be resolved automatically. - Introduce a `SECURITY.md` file as suggested by GitHub.
24 lines
953 B
Markdown
24 lines
953 B
Markdown
# Security policy
|
|
|
|
We take security seriously. We are mindful of Error Prone Support's place in
|
|
the software supply chain, and the risks and responsibilities that come with
|
|
this.
|
|
|
|
## Supported versions
|
|
|
|
This project uses [semantic versioning][semantic-versioning]. In general, only
|
|
the latest version of this software is supported. That said, if users have a
|
|
compelling reason to ask for patch release of an older major release, then we
|
|
will seriously consider such a request. We do urge users to stay up-to-date and
|
|
use the latest release where feasible.
|
|
|
|
## Reporting a vulnerability
|
|
|
|
To report a vulnerability, please visit the [security
|
|
advisories][security-advisories] page and click _Report a vulnerability_. We
|
|
will take such reports seriously and work with you to resolve the issue in a
|
|
timely manner.
|
|
|
|
[security-advisories]: https://github.com/PicnicSupermarket/error-prone-support/security/advisories
|
|
[semantic-versioning]: https://semver.org
|