Initial Security.md file
Codecov Report
✅ All modified and coverable lines are covered by tests.
@@ Coverage Diff @@
## main #4096 +/- ##
=======================================
Coverage 88.67% 88.67%
=======================================
Files 25 25
Lines 2438 2438
Branches 610 615 +5
=======================================
Hits 2162 2162
Misses 274 274
Partials 2 2
|
| - The affected version(s) or commit(s) | ||
| - Any suggested fix, if you have one | ||
|
|
||
| ### Response timeline |
These timings seem very slow in reality. We maybe want to say we will strive to reply etc as soon as possible.
Adjust in the spirit of as fast as possible.
|
|
||
| ### Disclosure policy | ||
|
|
||
| We follow a **coordinated disclosure** process with a **30-day embargo**: |
Are these timings a bit enterprise? We're faster than this.
No big reasons to change the upper limit. I'll adjust times on the previous section.
|
|
||
| ## Scope | ||
|
|
||
| The following are **in scope**: |
Durable Streams?
Phoenix Sync?
TanStack DB?
DS and TS DB have their own packages; they should have their own security policy.
Updated response timeline for security reports to improve acknowledgment and assessment times, and clarified resolution commitments.
I believe I've addressed your feedback. I'm merging this to not get blocked. Respond to this PR if you want further changes.