Commit a75ebf8

refer the community security page
Signed-off-by: caozhuozi <[email protected]>
1 parent 5ddf491 commit a75ebf8

1 file changed

+2
-43
lines changed

SECURITY.md

Lines changed: 2 additions & 43 deletions
@@ -1,46 +1,5 @@
11
# Security Policy
22

3-
## Reporting a Vulnerability
3+
Please refer to our [Community Security Policy][community-security-policy].
44

5-
We're extremely grateful for security researchers and users who report vulnerabilities they discovered in modelpack.
6-
All reports are thoroughly reviewed and investigated.
7-
8-
### When Should I Report a Vulnerability?
9-
10-
You should report if:
11-
12-
- You think you have discovered a potential security vulnerability in modepack
13-
- You are uncertain about the security impact of an issue you found in modelpack.
14-
15-
### How to Report a Vulnerability?
16-
17-
Please report a vulnerability using GitHub’s [Security Advisories](https://github.com/modelpack/model-spec/security).
18-
**Do not create a public issue, pull request, or discussion**.
19-
20-
To submit a report, navigate to the repository's main page, open the **Security** tab, select **Advisories** from the sidebar,
21-
click **Report a vulnerability**, provide the required details, and submit.
22-
This process will create a private advisory visible only to the maintainers for review.
23-
24-
### Security Vulnerability Response
25-
26-
Our maintainers will review and respond to your report within **5 working days**. Depending on the severity and complexity of the issue, resolution times may vary, but we will keep you informed throughout the process.
27-
28-
### Supported Versions
29-
30-
We only provide security fixes for the latest major version.
31-
32-
| Version | Security Fixes Provided |
33-
|---------------|-------------------------|
34-
| `@latest` | Yes |
35-
| Older versions| Not Guaranteed |
36-
37-
### Public Disclosure Timing
38-
39-
The disclosure date will be agreed upon between the **modelpack** maintainers and the reporter.
40-
In general:
41-
42-
- Immediate disclosure may occur if the issue is already public.
43-
- For vulnerabilities with straightforward fixes, disclosure is typically within **7 days** of the report.
44-
- For complex issues requiring more time to investigate and validate fixes, disclosure may be delayed—up to a maximum of **90 days**.
45-
46-
Delays may also be necessary if the bug or fix is not yet fully understood or adequately tested.
5+
[community-security-policy]: https://github.com/modelpack/community/blob/main/SECURITY.md
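
Review bot: The replacement at new line 3 leaves SECURITY.md with no reporting instruction of its own, so the private Security Advisories link removed at old line 17 and the warning removed at old line 18 ("**Do not create a public issue, pull request, or discussion**") are now only reachable by following a link into another repository. Consider keeping a one-line private-reporting pointer and that warning next to the new link, so a reporter who does not click through still avoids filing publicly. The removed Supported Versions table (old lines 32-35), the 5-working-day response commitment (old line 26) and the 7-day and 90-day disclosure windows (old lines 43-44) are specific to this repository; the link target on `main` is not visible in this diff, so confirm it states equivalents before dropping them, and mention that in the commit message, which currently gives no rationale for removing them.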
