packages/SECURITY.md
2024-01-17 12:10:46 +08:00


# Security Policy
## Our Process
Fyra Labs is committed to ensuring user security and privacy.
As such, we constantly try our best to ensure that our infrastructure and process are secure, which you may read about in our [FAQ](https://developer.fyralabs.com/terra/faq#technical-details).
As a part of Fyra Labs's transparency measures, we will publicize details of any known breaches. This information will include, but will not be limited to:
* Affected users, infrastructure, and data.
* The severity of the attack.
* An in-depth explanation of how the breach occurred, including relevant security vulnerabilities.
* How Fyra Labs will better protect user data in the future, ensuring our commitment to security and privacy.
We will publish these updates on our [Twitter](https://twitter.com/TeamFyraLabs), [Fedi](https://fedi.fyralabs.com/@hq), and [Discord](https://discord.gg/5fdPuxTg5Q).
## Reporting a Vulnerability
Terra is a rolling-release package repository. As such, we push updates as soon as the upstream project releases them.
If you find a vulnerability in an upstream project, please report it to that project directly. We **will** decline reports that are solely due to an upstream bug.
However, if the upstream project is unmaintained or does not resolve the vulnerability after being disclosed, you may file a security advisory.
Depending on the package, we might remove it from the Terra repositories or patch it to resolve the vulnerability.
In the case of a vulnerability in our infrastructure or packaging, you may report it using [GitHub's security advisory system](https://github.com/terrapkg/packages/security/advisories).
We will try to respond to reports as soon as possible, within 24 hours at most. To avoid putting end users at risk, please refrain from publicizing the vulnerability until we have published the security advisory.
## Contact Us
If you have any questions about our security policy, please reach out to us on [Discord](https://discord.gg/5fdPuxTg5Q) or through [email](mailto:security@fyralabs.com). Please report security vulnerabilities using the aforementioned method.
We will try to respond promptly to both; however, you will likely get a quicker response via Discord.