Add project-level security policy
lepras opened this issue
Feature idea
I think you are the only guys who are maintaining an Android keyboard regularly. (Maybe GrapheneOS, but that's just bare-bones AOSP.)
As a keyboard is at least a ring 1 app, you should have a GitHub and project-level security and/or privacy policy.
https://wiki.yoctoproject.org/wiki/SECURITY_file
https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository
Examples:
https://github.com/M66B/FairEmail/blob/master/PRIVACY.md
https://github.com/M66B/FairEmail/blob/master/SECURITY.md
I think you should pin this issue, but of course you know better.
Thanks for your proposal!
There's already a privacy policy on the official project website, see here: https://florisboard.org/legal/privacy/
As for the SECURITY.md, we could consider better defining how to report security vulnerabilities. Will rename your issue accordingly.