Commit
1 parent 64dae2d, commit b2ee928. Showing 1 changed file with 48 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
# `git-crypt-pipe` Security Policy | ||
|
||
## 1. Purpose | ||
|
||
This document provides guidelines and procedures for maintaining the security and integrity of the `git-crypt-pipe` repository. | ||
|
||
## 2. Scope | ||
|
||
This policy applies to all contributors, maintainers, and users of the `git-crypt-pipe` repository. | ||
|
||
## 3. Repository Security | ||
|
||
### 3.1. Access Control | ||
|
||
- Access to the repository is restricted to authorized personnel only. All contributors must have a valid and active GitHub account. | ||
- External collaborators should be granted access on a need-to-know basis and should be reviewed periodically. | ||
|
||
### 3.2. Encryption | ||
|
||
- All sensitive data stored in this repo must be encrypted using `git-crypt`. | ||
- Authorized users will be provided with decryption keys. These keys must not be shared, stored publicly, or embedded in code. | ||
|
||
### 3.3. Code Review | ||
|
||
- All pull requests (PRs) must undergo a code review by at least one other member before being merged. | ||
- PRs with changes to cryptographic routines or handling of encrypted data must be reviewed by a security expert. | ||
|
||
## 4. Reporting Security Issues | ||
|
||
- If you discover a vulnerability or security issue, please create an issue on the GitHub repository. Label it as `security` for easy identification. | ||
- Do not disclose details of the vulnerability in public forums, chats, or other public channels. | ||
|
||
## 5. Patch Management | ||
|
||
- All contributors are encouraged to regularly fetch updates from the main branch and ensure their local copy is updated to benefit from security patches. | ||
|
||
## 6. Compliance | ||
|
||
- Contributors found to be in violation of this policy may have their access revoked. | ||
- Users and maintainers are encouraged to report any non-compliance to this policy. | ||
|
||
## 7. Review and Updates | ||
|
||
This policy will be reviewed annually or after any significant incident. | ||
|
||
## 8. Contact | ||
|
||
For any queries or concerns regarding this security policy, go f* yourself. |
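Review bot: Section 4 contradicts itself: the first bullet tells reporters to open a GitHub issue labelled `security`, which on a public repository is itself public disclosure, and the second bullet then forbids disclosing details in public channels. Replace the issue-based flow with a private channel (GitHub's private vulnerability reporting and security advisories, or a monitored security mailbox) and state an acknowledgement timeframe so reporters know what to expect. Section 8 gives no usable contact; the line "For any queries or concerns regarding this security policy, go f* yourself." should be replaced with that same contact address, otherwise the policy cannot be acted on. In sections 3.2 and 6, note that revoking repository access does not revoke a git-crypt key a departing collaborator already holds, because the encrypted history they already fetched stays decryptable with it; the policy should require rotating the affected secrets and re-keying the repository when access is removed, and should prefer per-user GPG access via `git-crypt add-gpg-user` over hand-distributing an exported symmetric key.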