# Security Policy

## Supported Versions

| Version | Supported |
| --- | --- |
| Latest `main` | Yes |

## Reporting A Vulnerability

Report security issues privately to the project owner.

Do not include secrets, production data, private repository URLs, or credentials in public issues.

## Project Security Principles

- Keep secrets out of the repository.
- Prefer local processing for user data.
- Document external network calls.
- Keep release artifacts reproducible through CI.
- Run dependency and workflow checks before releases.
- Connected Library v1 must use public HTTPS manifest and `.mrpack` URLs only.