Security
Terraspace takes security very seriously. This document outlines the Terraspace Security Policy.
Terraspace is built mainly by tongueroo and a few open-source contributors. There’s no huge corporation behind Terraspace. This gives us the advantage of nimbleness, but it also means we don’t have vast resources. So Terraspace takes a pragmatic approach to getting things done. We’ll try to keep the process clear, simple, and light.
Reporting a vulnerability
To report a vulnerability, simply:
- Send an email to security@boltops.com.
- If that does not get a response within 3 days, email tung@boltops.com directly.
As we work on the security issue, we’ll provide updates when there’s new helpful info. When the fix is released, we’ll provide relevant details and disclosure in the PR itself.
This approach should help with timely security updates in a controlled and discreet manner. Hopefully, it will also provide the most overall benefit to the community of Terraspace users.
We love and welcome PRs to help. If you would like to help, please reach out to security@boltops.com. Of course, no sweat either way.
Supported Versions
The project optimizes to get things done. Hence we are only supporting security updates for the latest version. Versions lower than the latest patch version will not receive backported security updates.
