SECURITY.md
Lines changed: 10 additions & 4 deletions
@@ -2,14 +2,20 @@
2
2
3
3
This document outlines security procedures and general policies for the Swift Package Index project.
4
4
5
-
## Reporting a Bug
5
+
## Reporting Security Issues with the Project
6
6
7
-
We take all security bugs in the Swift Package Index project seriously. We appreciate your responsible disclosure efforts andwill acknowledge your contributions where appropriate.
7
+
We take all security bugs in the Swift Package Index project seriously. We appreciate your responsible disclosure efforts and, where appropriate, will acknowledge your contributions.
8
8
9
-
Report security bugs via the “[Security](https://github.com/SwiftPackageIndex/SwiftPackageIndex-Server/security)” tab in our GitHub repository or via the “[Report a Vulnerability](https://github.com/SwiftPackageIndex/SwiftPackageIndex-Server/security/advisories/new)” form. This will open a private conversation to report and discuss the vulnerability with project maintainers.
9
+
Please report security bugs via the “[Security](https://github.com/SwiftPackageIndex/SwiftPackageIndex-Server/security)” tab in the [Server GitHub repository](https://github.com/SwiftPackageIndex/SwiftPackageIndex-Server) or directly via the “[Report a Vulnerability](https://github.com/SwiftPackageIndex/SwiftPackageIndex-Server/security/advisories/new)” form. This will open a private conversation with the Swift Package Index project maintainers.
10
10
11
11
Once we resolve a security issue, where appropriate, we will publish a security advisory on the GitHub repository’s “Security” tab.
12
12
13
+
## Reporting Security Issues in Packages in the Index
14
+
15
+
If you find a security issue **in a package indexed by the Swift Package Index package**, please report it directly to the package maintainer.
16
+
17
+
If you believe a package has malicious intent or critical security issues that the maintainer doesn’t address promptly, report it via the “[Security](https://github.com/SwiftPackageIndex/PackageList/security)” tab in the [PackageList GitHub repository](https://github.com/SwiftPackageIndex/PackageList) or directly via the “[Report a Vulnerability](https://github.com/SwiftPackageIndex/PackageList/security)” form. This will open a private conversation with the Swift Package Index project maintainers.
18
+
13
19
## Comments on this Policy
14
20
15
-
Please[open a discussion](https://github.com/SwiftPackageIndex/SwiftPackageIndex-Server/discussions/new/choose)if you have suggestions to improve this process.
21
+
Please[open a discussion](https://github.com/SwiftPackageIndex/SwiftPackageIndex-Server/discussions/new/choose)if you have suggestions to improve this process.
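Review bot: In the new "Reporting Security Issues in Packages in the Index" section, the "Report a Vulnerability" link points to https://github.com/SwiftPackageIndex/PackageList/security, the same URL as the "Security" tab link earlier in that sentence, so "directly via the form" does not go directly to a form. The Server section's equivalent link uses the /security/advisories/new path; if private vulnerability reporting is enabled on PackageList, point this link at that path on the PackageList repository, otherwise drop the "or directly via" clause. In the paragraph above it, "a package indexed by the Swift Package Index package" carries a stray trailing "package"; "a package indexed by the Swift Package Index" reads as intended. It would also help reporters to say what "promptly" means before escalating past the package maintainer, since the sentence gives no timeframe.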