Terraspace takes security very seriously. This document outlines the Terraspace Security Policy.
Terraspace is built mainly by tongueroo and a few open-source contributors. There’s no huge corporation behind Terraspace. This gives us the advantage of nimbleness, but it also means we don’t have vast resources. So Terraspace takes a pragmatic approach to getting things done. We’ll try to keep the process clear, simple, and light.
Reporting a vulnerability
To report a vulnerability, simply:
- Send an email to firstname.lastname@example.org.
- If that does not get a response within 3 days, email email@example.com directly.
As we work on the security issue, we’ll provide updates when there’s new helpful info. When the fix is released, we’ll provide relevant details and disclosure in the PR itself.
This approach should help with timely security updates in a controlled and discreet manner. Hopefully, it will also provide the most overall benefit to the community of Terraspace users.
We love and welcome PRs to help. If you would like to help, please reach out to firstname.lastname@example.org. Of course, no sweat either way.
The project optimizes to get things done. Hence we are only supporting security updates for the latest version. Versions lower than the latest patch version will not receive backported security updates.