From 780d2c236de0e4749655696c2e0c26fb7565afd3 Mon Sep 17 00:00:00 2001 From: Lasse Collin Date: Tue, 9 Apr 2024 21:55:01 +0300 Subject: [PATCH] Update SECURITY.md. --- .github/SECURITY.md | 25 ++++++++----------------- 1 file changed, 8 insertions(+), 17 deletions(-) diff --git a/.github/SECURITY.md b/.github/SECURITY.md index ea929104..01ac4896 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -1,23 +1,14 @@ # Security Policy -## Supported Versions - -We provide security updates to the development branch and the stable -branches. Security patches for old releases are available on the -[project website](https://tukaani.org/xz). - -## Reporting a Vulnerability - If you discover a security vulnerability in this project, please -report it privately. **Do not disclose it as a public issue.** This gives -us time to work with you to fix the issue before public exposure, reducing -the chance that the exploit will be used before a patch is released. +report it privately. **Do not disclose it as a public issue.** -You may submit a report by emailing us at -[xz@tukaani.org](mailto:xz@tukaani.org), or through +You may submit a report via email to +[Lasse Collin](mailto:lasse.collin@tukaani.org) +(OpenPGP key fingerprint: 3690 C240 CE51 B467 0D30 AD1C 38EE 757D 6918 4620), +or through [Security Advisories](https://github.com/tukaani-project/xz/security/advisories/new). -While both options are available, we prefer email. -This project is maintained by a team of volunteers on a reasonable-effort -basis. As such, please give us 90 days to work on a fix before -public exposure. +This project is maintained by volunteers on a reasonable-effort basis. +Please give 30 days to work on a fix before public exposure, +reducing the chance that an exploit will be used before a patch is released.