Codebase list golang-github-containers-common / lintian-fixes/main SECURITY.md
lintian-fixes/main

Tree @lintian-fixes/main (Download .tar.gz)

SECURITY.md @lintian-fixes/mainraw · history · blame 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
# Security and Disclosure Information Policy for the Containers Projects

 * [Reporting a Vulnerability](#Reporting-a-Vulnerability)
 * [Security Announcements](#Security-Announcements)
 * [Security Vulnerability Response](#Security-Vulnerability-Response)

## Reporting a Vulnerability

If you think you've identified a security issue in a Containers project,
please DO NOT report the issue publicly via the Github issue tracker,
mailing list, or IRC. Instead, send an email with as many details as 
possible to [security@lists.podman.io](mailto:security@lists.podman.io?subject=Security%20Vunerablity%20Report).
This is a private mailing list for the core maintainers.

Please do **not** create a public issue.

## Security Announcements

The [podman@lists.podman.io](mailto:podman@lists.podman.io) email list is used for messages about
Podman security announcements as well as general announcements and
discussions.
You can join the list [here](https://lists.podman.io/admin/lists/podman.lists.podman.io/)
or by sending an email to [podman-join@lists.podman.io](mailto:podman-join@lists.podman.io?subject=subscribe)
with the word "subscribe" in the subject.

## Security Vulnerability Response

Each report is acknowledged and analyzed by the core maintainers within 3 working days.

Any vulnerability information shared with core maintainers stays within a Containers project
and will not be disseminated to other projects unless it is necessary to get the issue fixed.

As the security issue moves from triage, to an identified fix, to release planning, the core
maintainers will keep the reporter updated.