-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs(lib|sys): move security-related stuff from NOTICE to SECURITY file
- Loading branch information
1 parent
06b99c6
commit a5a43e6
Showing
6 changed files
with
34 additions
and
31 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -16,35 +16,6 @@ This repository is currently maintained by the following developers: | |
| |:----------------:|:--------------------:|:--------------------------------------------:| | ||
| | Hugo Hakim Damer | [email protected] | [@pulsastrix](https://github.com/pulsastrix) | | ||
|
|
||
| ## Reporting Security Vulnerabilities | ||
|
|
||
| Security vulnerabilities may be reported using the | ||
| [GitHub Vulnerability Reporting Tool](https://github.com/namib-project/libcoap-rs/security). | ||
| If you prefer email, you may also report security vulnerabilities to any of the maintainers' email | ||
| addresses listed above (ideally encrypted using PGP). | ||
| *DO NOT* open a public GitHub issue for security vulnerabilities. | ||
|
|
||
| When reporting a security vulnerability, please provide instructions on how to reproduce the issue. | ||
| Do not send reports that were generated with automated vulnerability scanning or AI tools without | ||
| verifying that they are not false positives or without providing additional context. | ||
|
|
||
| Also, please ensure that reported security vulnerabilities pertain to libcoap-rs and/or libcoap-sys | ||
| in particular, not to the libcoap C library or any libraries libcoap depends on. | ||
| For instructions on reporting security vulnerabilities that pertain to libcoap, refer to | ||
| [its own security policy](https://github.com/obgm/libcoap/blob/develop/SECURITY.md). | ||
|
|
||
| As libcoap-rs is not maintained by a for-profit entity, we do not offer any monetary compensation | ||
| for vulnerability or bug reports, but your contributions are greatly appreciated. | ||
|
|
||
| Lastly, please note that as an open source project, libcoap-rs and libcoap-sys are provided "as is", | ||
| i.e., without any warranty or guarantee of fitness for a particular purpose ([see below](#copyright-information)). | ||
|
|
||
| ### Security Vulnerability Hall of Fame | ||
|
|
||
| We are very thankful to the following people for reporting security issues in the past: | ||
|
|
||
| - None yet. | ||
|
|
||
| ## Copyright Information | ||
|
|
||
| Copyright © 2021-2025 Hugo Hakim Damer, the NAMIB Project Members, and the other libcoap-rs Contributors. | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,30 @@ | ||
| # Security Policy | ||
|
|
||
| ## Reporting Security Vulnerabilities | ||
|
|
||
| Security vulnerabilities may be reported using the | ||
| [GitHub Vulnerability Reporting Tool](https://github.com/namib-project/libcoap-rs/security). | ||
| If you prefer email, you may also report security vulnerabilities to any of the maintainers' email | ||
| addresses listed in the NOTICE.md file (ideally encrypted using PGP). | ||
| *DO NOT* open a public GitHub issue for security vulnerabilities. | ||
|
|
||
| When reporting a security vulnerability, please provide instructions on how to reproduce the issue. | ||
| Do not send reports that were generated with automated vulnerability scanning or AI tools without | ||
| verifying that they are not false positives or without providing additional context. | ||
|
|
||
| Also, please ensure that reported security vulnerabilities pertain to libcoap-rs and/or libcoap-sys | ||
| in particular, not to the libcoap C library or any libraries libcoap depends on. | ||
| For instructions on reporting security vulnerabilities that pertain to libcoap, refer to | ||
| [its own security policy](https://github.com/obgm/libcoap/blob/develop/SECURITY.md). | ||
|
|
||
| As libcoap-rs is not maintained by a for-profit entity, we do not offer any monetary compensation | ||
| for vulnerability or bug reports, but your contributions are greatly appreciated. | ||
|
|
||
| Lastly, please note that as an open source project, libcoap-rs and libcoap-sys are provided "as is", | ||
| i.e., without any warranty or guarantee of fitness for a particular purpose ([see below](#copyright-information)). | ||
|
|
||
| ### Security Vulnerability Hall of Fame | ||
|
|
||
| We are very thankful to the following people for reporting security issues in the past: | ||
|
|
||
| - None yet. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -18,7 +18,7 @@ readme = "README.md" | |
| repository = "https://github.com/namib-project/libcoap-rs" | ||
| authors = ["Hugo Hakim Damer <[email protected]>"] | ||
| categories = ["external-ffi-bindings", "network-programming", "embedded"] | ||
| include = ["/README.md", "/LICENSE", "/NOTICE.md"] | ||
| include = ["/README.md", "/LICENSE", "/NOTICE.md", "/SECURITY.md"] | ||
| keywords = ["coap", "libcoap"] | ||
| exclude = ["src/libcoap/ext/"] | ||
| resolver = "2" | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| ../SECURITY.md |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -14,7 +14,7 @@ version = "0.2.2" | |
| edition = "2021" | ||
| license = "BSD-2-Clause" | ||
| readme = "README.md" | ||
| include = ["/README.md", "/LICENSE", "/NOTICE.md"] | ||
| include = ["/README.md", "/LICENSE", "/NOTICE.md", "/SECURITY.md"] | ||
| repository = "https://github.com/namib-project/libcoap-rs" | ||
| authors = ["Hugo Hakim Damer <[email protected]>"] | ||
| categories = ["api-bindings", "network-programming", "embedded"] | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| ../SECURITY.md |