| field | value | |
|---|---|---|
| author | murilo ijanc | 2026-03-25 17:19:16 -0300 |
| committer | murilo ijanc | 2026-03-25 17:19:16 -0300 |
| commit | 4c1597e0f28c2bea193818a8d84ff2073ea5c08f (patch) | |
| tree | c4662912aa0b59013f10692c385c5a096ef85812 /SECURITY.md | |
| parent | 290f53c38cdacd502eb6dda52f2ad207063e3973 (diff) | |
| download | tesseras-paste-4c1597e0f28c2bea193818a8d84ff2073ea5c08f.tar.gz | |
Update README, bump tesseras-dht to 0.1.1, add project docs
- Rewrite README with features, usage, and links
- Bump tesseras-dht dependency from 0.1.0 to 0.1.1
- Add CODE_OF_CONDUCT.md and SECURITY.md
Diffstat (limited to 'SECURITY.md')
| mode | file | lines |
|---|---|---|
| -rw-r--r-- | SECURITY.md | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..2c4736f --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,57 @@ +# Security Policy + +## Reporting a Vulnerability + +If you discover a security vulnerability in Tesseras, please report it +responsibly through the private security mailing list: + +**[~ijanc/tesseras-security@lists.sr.ht](mailto:~ijanc/tesseras-security@lists.sr.ht)** + +This list is restricted to maintainers. Reports are welcome from anyone. + +### Encrypting your report + +Please encrypt sensitive reports using the maintainer's GPG key: + +- **Key ID:** `882CF78D7F04E7F4` +- **Fingerprint:** `9C16 D725 0B23 6C1C C21A 46AB 882C F78D 7F04 E7F4` +- **Key server:** `keys.openpgp.org` + +``` +gpg --keyserver keys.openpgp.org --recv-keys 9C16D7250B236C1CC21A46AB882CF78D7F04E7F4 +``` + +### What to include + +- Description of the vulnerability +- Steps to reproduce +- Affected components (crate, module, function) +- Potential impact +- Suggested fix, if any + +### What to expect + +- Acknowledgment within 48 hours +- Status update within 7 days +- Coordinated disclosure after a fix is available + +### Please do NOT + +- Open a public issue or pull request for security vulnerabilities +- Disclose the vulnerability publicly before a fix is available +- Exploit the vulnerability against other users' nodes or data + +## Scope + +The following are in scope for security reports: + +- Cryptographic issues (key generation, signing, encryption, erasure coding) +- Network protocol vulnerabilities (DHT, QUIC transport, relay) +- Authentication and authorization bypasses +- Data integrity or confidentiality violations +- Denial of service against individual nodes + +## Recognition + +Contributors who report valid vulnerabilities will be credited in the +release notes (unless they prefer to remain anonymous). |
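Review bot: The "Encrypting your report" section tells the reporter how to fetch the key but not how to confirm what they imported, and the policy as a whole never says which versions receive fixes or where advisories are published. After the `gpg --keyserver keys.openpgp.org --recv-keys ...` block, add a verification step such as `gpg --fingerprint 882CF78D7F04E7F4` with a sentence asking the reporter to compare the output against the fingerprint listed above before encrypting; the fingerprint is already on the page, so this costs one line. Under "What to expect", "Coordinated disclosure after a fix is available" would be more useful if it named the channel (release notes, the mailing list, or a tag on the repository) and whether only the latest release is supported, since the README bump to tesseras-dht 0.1.1 in the same commit suggests older versions exist. Minor: the fenced block is untagged; tagging it as `sh` keeps it consistent with the rest of the project docs and gets syntax highlighting on sr.ht.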