From 8f3d53746832585fb9cabb250387ece97205474d Mon Sep 17 00:00:00 2001 From: lleyton Date: Sat, 3 Dec 2022 16:39:51 -0800 Subject: [PATCH 1/7] Create SECURITY.md --- SECURITY.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..cf805280ec --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,27 @@ +# Security Policy + +## Our Process + +Fyra Labs is committed to ensuring user security and privacy. +As such, we try to ensure that our infrastructure and process are secure, which you may read about in our [FAQ] (https://github.com/terrapkg/packages/wiki/FAQ#technical-details). +If you have any security questions, please reach out to us on [Discord](https://discord.gg/5fdPuxTg5Q) or through [email](mailto:security@fyralabs.com). +We will try to respond promptly, although you might get a response quicker on Discord. + +As a part of Fyra Labs's transparency measures, we will publicize details of any known breaches. This information will include, but will not be limited to: +* Affected users, infrastructure, and data. +* The severity of the attack. +* An in-depth explanation of how the breach occurred, including relevant security vulnerabilities. +* How Fyra Labs will better protect user data in the future, ensuring our commitment to security and privacy. + +We will publish these updates on our [Twitter](https://twitter.com/TeamFyraLabs) and [Discord](https://discord.gg/5fdPuxTg5Q). + +## Reporting a Vulnerability + +Terra is a rolling-release package repository. As such, we push updates as soon as the upstream project releases them. +If you find a vulnerability in an upstream project, please report it to that project directly. We **will** decline reports that are solely due to an upstream bug. + +However, if the upstream project is unmaintained or does not resolve the vulnerability after being disclosed, you may file a security advisory. +Depending on the package, we might remove it from the Terra repositories or patch it to resolve the vulnerability. + +In the case of a vulnerability in our infrastructure or packaging, you may report it using [GitHub's security advisory system](https://github.com/terrapkg/packages/security/advisories). +We will try to respond to reports ASAP, at most in 24 hours. 
Please refrain from publicizing the vulnerability until we have published the security advisory. Not doing so **will** put end-users at risk. From 9fecf85df07eb97dd0faefaa3e8ca4334d2d2cb0 Mon Sep 17 00:00:00 2001 From: lleyton Date: Sat, 3 Dec 2022 16:43:38 -0800 Subject: [PATCH 2/7] Fix typo --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index cf805280ec..6945f1ba51 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -3,7 +3,7 @@ ## Our Process Fyra Labs is committed to ensuring user security and privacy. -As such, we try to ensure that our infrastructure and process are secure, which you may read about in our [FAQ] (https://github.com/terrapkg/packages/wiki/FAQ#technical-details). +As such, we try to ensure that our infrastructure and process are secure, which you may read about in our [FAQ](https://github.com/terrapkg/packages/wiki/FAQ#technical-details). If you have any security questions, please reach out to us on [Discord](https://discord.gg/5fdPuxTg5Q) or through [email](mailto:security@fyralabs.com). We will try to respond promptly, although you might get a response quicker on Discord. From 6d1be93a18bc971547853600606e33f64166d123 Mon Sep 17 00:00:00 2001 From: windowsboy111 Date: Sun, 4 Dec 2022 08:44:17 +0800 Subject: [PATCH 3/7] Update SECURITY.md --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 6945f1ba51..1c17ee2134 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -24,4 +24,4 @@ However, if the upstream project is unmaintained or does not resolve the vulnera Depending on the package, we might remove it from the Terra repositories or patch it to resolve the vulnerability. In the case of a vulnerability in our infrastructure or packaging, you may report it using [GitHub's security advisory system](https://github.com/terrapkg/packages/security/advisories). -We will try to respond to reports ASAP, at most in 24 hours. Please refrain from publicizing the vulnerability until we have published the security advisory. Not doing so **will** put end-users at risk. +We will try to respond to reports as soon as possible, at most in 24 hours. Please refrain from publicizing the vulnerability until we have published the security advisory in order to avoid putting end-users at risk. From 91debf637d38d849eedb4ea551d9573703f6aa6c Mon Sep 17 00:00:00 2001 From: windowsboy111 Date: Sun, 4 Dec 2022 08:46:05 +0800 Subject: [PATCH 4/7] Update SECURITY.md --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 1c17ee2134..b355f60567 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -3,7 +3,7 @@ ## Our Process Fyra Labs is committed to ensuring user security and privacy. -As such, we try to ensure that our infrastructure and process are secure, which you may read about in our [FAQ](https://github.com/terrapkg/packages/wiki/FAQ#technical-details). +As such, we constantly try our best to ensure that our infrastructure and process are secure, which you may read about in our [FAQ](https://github.com/terrapkg/packages/wiki/FAQ#technical-details). If you have any security questions, please reach out to us on [Discord](https://discord.gg/5fdPuxTg5Q) or through [email](mailto:security@fyralabs.com). We will try to respond promptly, although you might get a response quicker on Discord. From b5899f34c3b5f907b07cd36daf310c68bce85cf6 Mon Sep 17 00:00:00 2001 
From: lleyton Date: Sat, 3 Dec 2022 17:09:19 -0800 Subject: [PATCH 5/7] Update SECURITY.md Co-authored-by: infinitebash <32340104+infinitebash@users.noreply.github.com> --- SECURITY.md | 1 - 1 file changed, 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index b355f60567..d09b273445 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,7 +4,6 @@ Fyra Labs is committed to ensuring user security and privacy. As such, we constantly try our best to ensure that our infrastructure and process are secure, which you may read about in our [FAQ](https://github.com/terrapkg/packages/wiki/FAQ#technical-details). -If you have any security questions, please reach out to us on [Discord](https://discord.gg/5fdPuxTg5Q) or through [email](mailto:security@fyralabs.com). We will try to respond promptly, although you might get a response quicker on Discord. As a part of Fyra Labs's transparency measures, we will publicize details of any known breaches. This information will include, but will not be limited to: From a293ec9bf0735153dbe4d5104c8cf8f1d14a49c1 Mon Sep 17 00:00:00 2001 From: lleyton Date: Sat, 3 Dec 2022 17:10:02 -0800 Subject: [PATCH 6/7] Update SECURITY.md Co-authored-by: infinitebash <32340104+infinitebash@users.noreply.github.com> --- SECURITY.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index d09b273445..cee7a552f5 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -24,3 +24,8 @@ Depending on the package, we might remove it from the Terra repositories or patc In the case of a vulnerability in our infrastructure or packaging, you may report it using [GitHub's security advisory system](https://github.com/terrapkg/packages/security/advisories). We will try to respond to reports as soon as possible, at most in 24 hours. Please refrain from publicizing the vulnerability until we have published the security advisory in order to avoid putting end-users at risk. + +## Contact Us + +If you have any questions out our security policy, please reach out to us on [Discord](https://discord.gg/5fdPuxTg5Q) or through [email](mailto:security@fyralabs.com). Please report security vulnerabilities using the aforementioned method. +We will try to respond promptly to both, however you will likely get a quicker response via Discord. From 1ff05216e7d7e26c5cf9f30f77323398a9457145 Mon Sep 17 00:00:00 2001 From: lleyton Date: Sat, 3 Dec 2022 17:10:07 -0800 Subject: [PATCH 7/7] Update SECURITY.md Co-authored-by: infinitebash <32340104+infinitebash@users.noreply.github.com> --- SECURITY.md | 1 - 1 file changed, 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index cee7a552f5..fc927d4dfb 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,7 +4,6 @@ Fyra Labs is committed to ensuring user security and privacy. As such, we constantly try our best to ensure that our infrastructure and process are secure, which you may read about in our [FAQ](https://github.com/terrapkg/packages/wiki/FAQ#technical-details). -We will try to respond promptly, although you might get a response quicker on Discord. As a part of Fyra Labs's transparency measures, we will publicize details of any known breaches. This information will include, but will not be limited to: * Affected users, infrastructure, and data.
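Review bot: In [PATCH 1/7], the second paragraph of "Reporting a Vulnerability" says "you may file a security advisory" for unmaintained or unresponsive upstream projects but never says where. The GitHub advisory link only appears in the following paragraph, and there it is scoped to "a vulnerability in our infrastructure or packaging". Suggest linking the same advisory URL in both paragraphs, or naming one reporting channel at the top of the section, so that reporters do not default to the Discord and email contacts that "Our Process" lists for security questions.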
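Review bot: In [PATCH 3/7], the reworded line still asks reporters to hold disclosure "until we have published the security advisory" with no upper bound on how long publication may take; the only time commitment in the file is the 24-hour response. Suggest stating a target publication or embargo window next to that request. As a wording point on the same line, "within 24 hours" reads more clearly than "at most in 24 hours".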
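Review bot: In [PATCH 5/7], deleting the "If you have any security questions, please reach out to us on ..." line leaves the next context line, "We will try to respond promptly, although you might get a response quicker on Discord.", with nothing to refer to, and the file names no contact for questions at all until [PATCH 6/7] adds "Contact Us". Suggest squashing 5/7, 6/7 and 7/7 into one commit so that every intermediate revision of SECURITY.md reads correctly.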
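Review bot: In [PATCH 6/7], the added "Contact Us" paragraph has a typo, "questions out our security policy" should be "questions about our security policy", and "the aforementioned method" is too vague for the sentence that tells reporters where vulnerabilities go. Suggest repeating the GitHub security advisory link in that sentence instead of pointing back to it, and rewording "respond promptly to both" to name Discord and email explicitly.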