This is the Security Policy for the Perl
Perl-Critic-Policy-Variables-ProhibitUnusedVarsStricter distribution.
The latest version of the Security Policy can be found in the
Git repository for Perl-Critic-Policy-Variables-ProhibitUnusedVarsStricter,
https://github.com/perl-Perl-Critic-Policy-Variables-ProhibitUnusedVarsStricter.
This text is based on the CPAN Security Group's Guidelines for Adding
a Security Policy to Perl Distributions (version 0.2.2),
https://security.metacpan.org/docs/guides/security-policy-for-authors.html
How to Report a Security Vulnerability
=== == ====== = ======== =============
Security vulnerabilities can be reported by e-mail to the current
project maintainer at WYANT AT cpan DOT org.
Please include as many details as possible, including code samples
or test cases, so that I can reproduce the issue. Check that your
report does not expose any sensitive data, such as passwords,
tokens, or personal information.
If you would like any help with triaging the issue, or if the issue
is being actively exploited, please copy the report to the CPAN
Security Group (CPANSec) at [email protected].
Please DO NOT use the public issue reporting system on RT or
GitHub issues for reporting security vulnerabilities.
Please do not disclose the security vulnerability in public forums
until past any proposed date for public disclosure, or it has been
made public by the maintainers or CPANSec. That includes patches or
pull requests.
For more information, see "Report a Security Issue",
https://security.metacpan.org/docs/report.html on the CPANSec website.
Response to Reports
======== == =======
The maintainer aims to acknowledge your security report as soon as
possible. However, this project is maintained by a single person in his
spare time, and he cannot guarantee a rapid response. If you have not
received a response within a week, then please send a reminder and copy
the report to CPANSec at [email protected].
Please note that the initial response to your report will be an
acknowledgement, with a possible query for more information. It
will not necessarily include any fixes for the issue.
The project maintainer may forward this issue to the security
contacts for other projects where he believe it is relevant. This
may include embedded libraries, system libraries, prerequisite
modules or downstream software that uses this software.
He may also forward this issue to CPANSec.
Which Software this Policy Applies to
===== ======== ==== ====== ======= ==
Any security vulnerabilities in
Perl-Critic-Policy-Variables-ProhibitUnusedVarsStricter are covered by
this policy.
Security vulnerabilities are considered anything that allows users
to execute unauthorised code, access unauthorised resources, or to
have an adverse impact on accessibility or performance of a system.
Security vulnerabilities in upstream software (embedded libraries,
prerequisite modules or system libraries, or in Perl), are not covered
by this policy unless they affect
Perl-Critic-Policy-Variables-ProhibitUnusedVarsStricter, or
Perl-Critic-Policy-Variables-ProhibitUnusedVarsStricter can be used to
exploit vulnerabilities in them.
Security vulnerabilities in downstream software (any software that uses
Perl-Critic-Policy-Variables-ProhibitUnusedVarsStricter, or plugins to
it that are not included with the
Perl-Critic-Policy-Variables-ProhibitUnusedVarsStricter distribution)
are not covered by this policy.
Supported Versions of Covered Software
========= ======== == ======= ========
The maintainer will only commit to releasing security fixes for the
latest version of
Perl-Critic-Policy-Variables-ProhibitUnusedVarsStricter.
Note that the Perl-Critic-Policy-Variables-ProhibitUnusedVarsStricter
project only supports production versions of Perl at of above the
version indicated in the metadata. If a security fix requires me to
increase the minimum version of Perl that is supported, then I may do
so.
Installation and Usage Issues
============ === ===== ======
The distribution metadata specifies minimum versions of prerequisites
that are required for
Perl-Critic-Policy-Variables-ProhibitUnusedVarsStricter to work.
However, some of these prerequisites may have security vulnerabilities,
and you should ensure that you are using up-to-date versions of these
prerequisites.
Where security vulnerabilities are known, the metadata may indicate
newer versions as recommended.
Usage
=====
Please see the software documentation for further information.