Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create SECURITY.md #441

Merged
merged 3 commits into from
Jan 23, 2025
Merged

Create SECURITY.md #441

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
75b533b
Create SECURITY.md
Zeitsperre Jan 21, 2025
4ee7af0
Merge branch 'master' into security
Zeitsperre Jan 23, 2025
0f1d0c8
update CHANGELOG.rst
Zeitsperre Jan 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ v0.17.0 (unreleased)
* Updated the Python, Anaconda, and Ubuntu versions used to generate the documentation.
* Small import fixes and minor code cleanup (`ravenpy.extractors`). (PR #436)
* Adjusted pins for `intake`, `intake-esm` and `zarr` to ensure notebooks run correctly. (PR #440)
* Added a Security Policy (`SECURITY.md`) to the repository. (PR #441)

v0.16.1 (2024-12-05)
--------------------
Expand Down
38 changes: 38 additions & 0 deletions SECURITY.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
# Security Policy

## Supported Versions

`RavenPy` receives regular updates every three to six (3-6) months. In the event of a security-related bug discovery soon after the release of a `RavenPy` version, the last supported version will receive a patch release.

## Reporting a Vulnerability

If you believe you have found a security vulnerability in `RavenPy`, we encourage you to let us know right away. We take all security vulnerabilities seriously and appreciate your efforts to responsibly disclose them.

Please follow these steps to report a security vulnerability:

1. **Email**: Email [github-support@ouranos.ca](mailto:github-support@ouranos.ca) with a detailed description of the vulnerability. If applicable, please include any steps or a proof-of-concept to help us understand and reproduce the issue.

2. **Encryption (Optional)**: If you are concerned about the sensitivity of the information you are sharing, you can use the PGP key found below to encrypt your communication.

3. **Response**: We will acknowledge your email within 48 hours and work with you to understand and confirm the vulnerability.

4. **Fix and Disclosure**: Once the vulnerability is confirmed, we will work to address it promptly. We appreciate your patience as we investigate and implement a fix. Once resolved, we will coordinate the disclosure and provide credit to the reporter unless they prefer to remain anonymous.

## PGP Encryption Key

You can use the following PGP key to encrypt your communications with us:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEZamQrhYJKwYBBAHaRw8BAQdA+saPvmvr1MYe1nQy3n3QDcRE9T7UzTJ1XH31
EI4Zb6u0Mk91cmFub3MgR2l0SHViIFN1cHBvcnQgPGdpdGh1Yi1zdXBwb3J0QG91
cmFub3MuY2E+iJkEExYKAEEWIQSeAu+Cbjupx79jy9VeVFD6o5TVcwUCZamQrgIb
AwUJCWYBgAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAKCRBeVFD6o5TVc4ho
AQDXjDkx0b3A7yl6PQ4hBJ2uYzw0UWbml7mUwVdhMmdZkQD/VJZQNWrCQeOtYEM8
icZJYwR/OsKFOWqlDytusGGtjwa4OARlqZCuEgorBgEEAZdVAQUBAQdAa41Zabjz
P9O+p6tI69Cnft6U5om3+qCcMo8amTqauH0DAQgHiH4EGBYKACYWIQSeAu+Cbjup
x79jy9VeVFD6o5TVcwUCZamQrgIbDAUJCWYBgAAKCRBeVFD6o5TVcwmaAQClDxW6
2gir7lhRXAcO+vmRImpGd29TrkcQVh+ak7VlwQEA706d7Kusiorlf/h8pLSoNMmS
kuLGmHpUJ8NVGppU+wo=
=wuxr
-----END PGP PUBLIC KEY BLOCK-----
Loading