florisboard

Add project-level security policy

Open lepras opened this issue 1 year ago • 2 comments

Feature idea

I think you are the only guys who are maintaining an Android keyboard regularly. (Maybe GrapheneOS, but that's just bare-bones AOSP.)

As a keyboard is at least a ring 1 app, you should have a GitHub and project-level security and/or privacy policy.

https://wiki.yoctoproject.org/wiki/SECURITY_file

https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository

Examples:

https://github.com/M66B/FairEmail/blob/master/PRIVACY.md

https://github.com/M66B/FairEmail/blob/master/SECURITY.md

I think you should pin this issue, but of course yk better.

lepras avatar May 02 '24 11:05 lepras

Thanks for your proposal!

There's already a privacy policy on the official project website, see here: https://florisboard.org/legal/privacy/

As for the SECURITY.md, we could consider better defining how to report security vulnerabilities, will rename your issue accordingly.

patrickgold avatar May 02 '24 11:05 patrickgold

Should have a privacy.md in the repo itself, but ofc you are the final judge.

-------- Original Message -------- On 5/2/24 5:19 PM, Patrick Goldinger wrote:

Thanks for your proposal!

There's already a privacy policy on the official project website, see here: https://florisboard.org/legal/privacy/

As for the SECURITY.md, we could consider better defining how to report security vulnerabilities, will rename your issue accordingly.


lepras avatar May 02 '24 13:05 lepras