Create SECURITY.md #2674

Open
wants to merge 1 commit into
base: develop


@iAnonymous3000 iAnonymous3000 commented Dec 19, 2024

This PR adds a SECURITY.md file to the repository, providing a clear security policy for the Quiet project. The document outlines:

  • The scope and limitations of Quiet’s current security posture.
  • Supported versions, with the latest release being the only one to receive timely patches.
  • Guidance on iOS push notifications, noting potential metadata exposure, and the option for users to disable them for better privacy.
  • Warnings that Quiet is not audited and is unsuitable for high-risk scenarios where proven security is required.
  • A vulnerability reporting process, with details on disclosure timelines and crediting reporters.
  • References to the project’s Threat Model and future intentions to refine metadata exposure details.

This addition aims to improve transparency and help users understand Quiet’s current security stance and who should or shouldn’t rely on it. Feedback is welcome, especially regarding clarity and completeness.
