Keysat
574a16d9fa
Snapshot of the working tree before cleanup. Captures: - Keysat licensing: server/license.js, /api/license/* endpoints in server/index.js, activation modal in public/index.html, embedded Ed25519 issuer key (assets/issuer.pub). - StartOS 0.4 expansion: setApiKey action, version files v0.1.1 through v0.1.15, file-models/config.json.ts, manifest updates. - Self-hosted registry server (startos-registry/). - Build/deploy scripts (bin/bump-version.sh, bin/deploy.sh, vendored yt-dlp binary), .gitignore, .deploy.env.example. - Recent design docs (KEYSAT_INTEGRATION.md, UPGRADE-DESIGN.md) — retained here so they remain recoverable when removed in the follow-up cleanup commit.
26 lines
1.2 KiB
Markdown
26 lines
1.2 KiB
Markdown
# Security Policies and Procedures
|
|
|
|
## Reporting a Bug
|
|
|
|
The `cookie` team and community take all security bugs seriously. Thank
|
|
you for improving the security of the project. We appreciate your efforts and
|
|
responsible disclosure and will make every effort to acknowledge your
|
|
contributions.
|
|
|
|
Report security bugs by emailing the current owner(s) of `cookie`. This
|
|
information can be found in the npm registry using the command
|
|
`npm owner ls cookie`.
|
|
If unsure or unable to get the information from the above, open an issue
|
|
in the [project issue tracker](https://github.com/jshttp/cookie/issues)
|
|
asking for the current contact information.
|
|
|
|
To ensure the timely response to your report, please ensure that the entirety
|
|
of the report is contained within the email body and not solely behind a web
|
|
link or an attachment.
|
|
|
|
At least one owner will acknowledge your email within 48 hours, and will send a
|
|
more detailed response within 48 hours indicating the next steps in handling
|
|
your report. After the initial reply to your report, the owners will
|
|
endeavor to keep you informed of the progress towards a fix and full
|
|
announcement, and may ask for additional information or guidance.
|