1 file changed +38 -0 lines changed
1+ = Security Policy
2+
3+ == Supported Versions
4+
5+ This repository is currently under *active development*. All work targets the `main` branch; tagged releases are supported as published.
6+
7+ == Reporting Vulnerabilities
8+
9+ If you discover a security issue related to:
10+
11+ * the Palimpsest‑MPL license text
12+ * provenance tooling (pmpl-sign, pmpl-verify, pmpl-audit)
13+ * CI/CD workflows
14+ * this repository’s configuration
15+
16+ please:
17+
18+ 1. Do not open a public issue for sensitive findings.
19+ 2. Contact the Palimpsest Stewardship Council via the contact channels listed in the repository README.
20+ 3. Provide as much detail as possible (steps to reproduce, impact, affected components).
21+
22+ The Council will:
23+
24+ * acknowledge receipt within a reasonable time
25+ * evaluate the report
26+ * coordinate a fix or clarification where necessary
27+ * publish security notes when appropriate
28+
29+ == Security Hardening
30+
31+ This repository adopts:
32+
33+ * least‑privilege GitHub Actions permissions
34+ * regular dependency and security scans
35+ * OpenSSF Scorecard monitoring
36+ * SPDX and provenance‑aware practices
37+
38+ See `.github/workflows/` for details.
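Review bot: the reporting instructions at lines 18-20 give no direct security contact; they defer to the README for channels, and the response commitment at line 24 ("within a reasonable time") has no concrete window, so a reporter cannot tell whether a report has been lost. Consider naming a dedicated contact in this file (an address or a GitHub private vulnerability reporting link) and stating a target acknowledgment window, e.g. replacing "acknowledge receipt within a reasonable time" with a stated number of business days. Also, "Supported Versions" (line 5) says tagged releases are "supported as published" without saying which tags still receive fixes; a short table or statement of which releases get security updates would make the policy actionable.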