Add project-level security policy

Question

lepras opened this issue a month ago · comments

I think you are the only guys who are maintaining an android Keyboard regularly. (Maybe Graphene OS but that's just bare bones AOSP)

As keyboard is atleast a ring 1 app you should have a github and project level security and/or privacy policy.

Examples:

I think you should pin this issue, but ofcourse yk better.

Patrick Goldinger · Answer 1 · Thu May 02 2024 19:48:48 GMT+0800 (China Standard Time)

Thanks for your proposal!

There's already a privacy policy on the official project website, see here: https://florisboard.org/legal/privacy/

As for the SECURITY.md, we could consider better defining how to report security vulnerabilities, will rename your issue accordingly.

Lepras · Answer 2 · Thu May 02 2024 21:07:51 GMT+0800 (China Standard Time)

Should have a privacy.md in the repo itself, but ofc you are the final judge.

-------- Original Message --------

On 5/2/24 5:19 PM, Patrick Goldinger wrote: Thanks for your proposal! There's already a privacy policy on the official project website, see here: https://florisboard.org/legal/privacy/ As for the SECURITY.md, we could consider better defining how to report security vulnerabilities, will rename your issue accordingly. — Reply to this email directly, [view it on GitHub](#2466 (comment)), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/A2E3WMCLFEJS3TCZLAV6FLDZAIR3JAVCNFSM6AAAAABHDRNEOKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOJQGMYDKMZVGA). You are receiving this because you authored the thread.Message ID: ***@***.***>