[ENG-1165] Add a security policy and notices to the appropriate READMEs (#1409)

* add security policy

* add a link to it in the main and crypto readmes
jake 2023-09-30 09:31:38 +01:00 committed by GitHub
parent 45d9a94b06
commit 003d468833
3 changed files with 38 additions and 0 deletions

@ -77,6 +77,10 @@ View a list of our planned features here: [spacedrive.com/roadmap](https://space
Please refer to the [contributing guide](CONTRIBUTING.md) for how to install Spacedrive from sources. Please refer to the [contributing guide](CONTRIBUTING.md) for how to install Spacedrive from sources.
# Security Policy
Please refer to the [security policy](SECURITY.md) for details and information on how to responsibly report a security vulnerability or issue.
# Architecture # Architecture
This project is using what I'm calling the **"PRRTT"** stack (Prisma, Rust, React, TypeScript, Tauri). This project is using what I'm calling the **"PRRTT"** stack (Prisma, Rust, React, TypeScript, Tauri).
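Review bot: the new sentence under `# Security Policy` says the same thing twice, "for details and information on how to responsibly report"; "for how to responsibly report a security vulnerability or issue" reads cleaner. The heading level matches the file's other top-level sections (`# Architecture`), and the relative `SECURITY.md` link resolves from the repository root, which is also one of the locations GitHub reads the policy from for the repository's Security tab, so the placement is fine.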

SECURITY.md Normal file
@ -0,0 +1,30 @@
# Spacedrive Security Policy
## Reporting a vulnerability
If you find a vulnerability within the app, please report it to us. You may do so anonymously, or we can credit you for it if you wish.
The best way to report any vulnerability or security issue is to email us at [security@spacedrive.com](mailto:security@spacedrive.com).
You may find more details in our [security.txt](https://spacedrive.com/.well-known/security.txt) file, and a copy of our PGP key can be found [spacedrive.com/pgp-key.txt](https://spacedrive.com/pgp-key.txt), or below this message.
<details>
<summary>PGP Key</summary>
```
-----BEGIN PGP PUBLIC KEY BLOCK-----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==
=+LNM
-----END PGP PUBLIC KEY BLOCK-----
```
</details>
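Review bot: the fenced PGP key block sits directly after `<summary>PGP Key</summary>` with no blank line; GitHub-flavoured Markdown does not process Markdown inside an HTML block unless it is separated by blank lines, so the key may render as raw text rather than a code block. Add a blank line after `</summary>` and another before `</details>`. Two smaller points on the same hunk: the key is published without its fingerprint, so a reader who fetches `spacedrive.com/pgp-key.txt` has nothing short to compare against the copy in the repo, and stating the fingerprint beside the key would fix that; and "a copy of our PGP key can be found [spacedrive.com/pgp-key.txt]" is missing "at" before the link. The policy also says nothing about what a reporter should expect after emailing (an acknowledgement window, a disclosure timeline), which is worth a sentence.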

@ -38,3 +38,7 @@ You may find them below:
- AES-GCM and XChaCha20-Poly1305 audit by NCC group ([link](https://research.nccgroup.com/wp-content/uploads/2020/02/NCC_Group_MobileCoin_RustCrypto_AESGCM_ChaCha20Poly1305_Implementation_Review_2020-02-12_v1.0.pdf)) - AES-GCM and XChaCha20-Poly1305 audit by NCC group ([link](https://research.nccgroup.com/wp-content/uploads/2020/02/NCC_Group_MobileCoin_RustCrypto_AESGCM_ChaCha20Poly1305_Implementation_Review_2020-02-12_v1.0.pdf))
Breaking changes are very likely! Use at your own risk - no stability or security is guaranteed. Breaking changes are very likely! Use at your own risk - no stability or security is guaranteed.
## Security Policy
Please refer to the [security policy](../../SECURITY.md) for details and information on how to responsibly report a security vulnerability or issue.
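Review bot: `../../SECURITY.md` is a relative path that only resolves when this README is viewed in the repository tree; if the file is also used as the crate's README on crates.io or rendered by documentation tooling, the link has no target there. An absolute URL to the file in the repository (or the spacedrive.com `security.txt` that SECURITY.md already references) would work in both places. Same wording nit as the main README hunk: "for details and information on how to responsibly report" can be shortened to "for how to responsibly report".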