From 4c1597e0f28c2bea193818a8d84ff2073ea5c08f Mon Sep 17 00:00:00 2001
From: murilo ijanc
Date: Wed, 25 Mar 2026 17:19:16 -0300
Subject: Update README, bump tesseras-dht to 0.1.1, add project docs

- Rewrite README with features, usage, and links
- Bump tesseras-dht dependency from 0.1.0 to 0.1.1
- Add CODE_OF_CONDUCT.md and SECURITY.md
---
 SECURITY.md | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 SECURITY.md

(limited to 'SECURITY.md')

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..2c4736f
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,57 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in Tesseras, please report it
+responsibly through the private security mailing list:
+
+**[~ijanc/tesseras-security@lists.sr.ht](mailto:~ijanc/tesseras-security@lists.sr.ht)**
+
+This list is restricted to maintainers. Reports are welcome from anyone.
+
+### Encrypting your report
+
+Please encrypt sensitive reports using the maintainer's GPG key:
+
+- **Key ID:** `882CF78D7F04E7F4`
+- **Fingerprint:** `9C16 D725 0B23 6C1C C21A 46AB 882C F78D 7F04 E7F4`
+- **Key server:** `keys.openpgp.org`
+
+```
+gpg --keyserver keys.openpgp.org --recv-keys 9C16D7250B236C1CC21A46AB882CF78D7F04E7F4
+```
+
+### What to include
+
+- Description of the vulnerability
+- Steps to reproduce
+- Affected components (crate, module, function)
+- Potential impact
+- Suggested fix, if any
+
+### What to expect
+
+- Acknowledgment within 48 hours
+- Status update within 7 days
+- Coordinated disclosure after a fix is available
+
+### Please do NOT
+
+- Open a public issue or pull request for security vulnerabilities
+- Disclose the vulnerability publicly before a fix is available
+- Exploit the vulnerability against other users' nodes or data
+
+## Scope
+
+The following are in scope for security reports:
+
+- Cryptographic issues (key generation, signing, encryption, erasure coding)
+- Network protocol vulnerabilities (DHT, QUIC transport, relay)
+- Authentication and authorization bypasses
+- Data integrity or confidentiality violations
+- Denial of service against individual nodes
+
+## Recognition
+
+Contributors who report valid vulnerabilities will be credited in the
+release notes (unless they prefer to remain anonymous).
-- 
cgit v1.2.3