SECURITY.md: keep only GitHub private advisories, drop SLA
This commit is contained in:
parent
b09e1e5502
commit
bb9bf1fa09
1 changed files with 8 additions and 13 deletions
21
SECURITY.md
21
SECURITY.md
|
|
@ -11,25 +11,20 @@ get fixes; please upgrade first.
|
|||
|
||||
## How to report a vulnerability
|
||||
|
||||
**Please do not open a public issue** for security-sensitive findings. Use one
|
||||
of these private channels instead:
|
||||
**Please do not open a public issue** for security-sensitive findings.
|
||||
|
||||
1. **Preferred:** GitHub's private security advisories.
|
||||
Go to the [Security tab](../../security/advisories/new) of this repo and
|
||||
click "Report a vulnerability". GitHub will route it to me privately.
|
||||
2. **Email:** `engelgardt2024@gmail.com` with the subject prefix `[security]`.
|
||||
Use GitHub's private security advisories: go to the
|
||||
[Security tab](../../security/advisories/new) of this repo and click
|
||||
"Report a vulnerability". GitHub will route it privately.
|
||||
|
||||
Please include:
|
||||
- The version of `dhcpsrv` you tested (output of the startup banner is enough).
|
||||
- The version you tested (the startup banner is enough).
|
||||
- Steps to reproduce, ideally with a packet capture or a short script.
|
||||
- An assessment of impact (LAN-only? remote? admin needed? etc.).
|
||||
|
||||
## What to expect
|
||||
|
||||
- Acknowledgement within **3 business days**.
|
||||
- A first technical reply within **7 business days**.
|
||||
- A fix and a public advisory once the issue is resolved. Reporters are
|
||||
credited unless they prefer to stay anonymous.
|
||||
Reports are reviewed and addressed on a best-effort basis. A fix and a public
|
||||
advisory will be published once the issue is resolved. Reporters are credited
|
||||
unless they prefer to stay anonymous.
|
||||
|
||||
## Out of scope
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue