mirror of
https://github.com/michaelrsweet/pdfio.git
synced 2024-11-08 06:28:27 +01:00
Update security reporting and contribution text.
This commit is contained in:
parent
74a6fb1860
commit
4630060ee7
@ -118,7 +118,7 @@ the source file and the copyright and licensing notice:
|
||||
//
|
||||
// Description of file contents.
|
||||
//
|
||||
// Copyright YYYY by AUTHOR.
|
||||
// Copyright © YYYY by AUTHOR.
|
||||
//
|
||||
// Licensed under Apache License v2.0. See the file "LICENSE" for more
|
||||
// information.
|
||||
@ -330,7 +330,7 @@ typedef, for example:
|
||||
|
||||
All constant names are uppercase with underscores between words, e.g.,
|
||||
`PDFIO_THIS_CONSTANT`, `PDFIO_THAT_CONSTANT`, etc. Constants begin with the
|
||||
"PDFio\_" prefix to avoid conflicts with system constants. Private constants
|
||||
"PDFIO\_" prefix to avoid conflicts with system constants. Private constants
|
||||
start with an underscore, e.g., `_PDFIO_THIS_CONSTANT`,
|
||||
`_PDFIO_THAT_CONSTANT`, etc.
|
||||
|
||||
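Review bot: Style point on the corrected prefix line: the prefix is written as "PDFIO\_" in double quotes with an escaped underscore, while every other identifier in this paragraph (`PDFIO_THIS_CONSTANT`, `_PDFIO_THIS_CONSTANT`) is in backticks. Writing it as `PDFIO_` would match the surrounding text and drop the backslash, which shows up literally in any plain-text view of the file.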
@ -369,11 +369,12 @@ extensions MUST NOT be used.
|
||||
The following variables are defined in the makefile:
|
||||
|
||||
- `AR`; the static library archiver command,
|
||||
- `ARFLAGS`; options for the static library archiver command,
|
||||
- `ARFLAGS`; options for the static library archiver,
|
||||
- `CC`; the C compiler command,
|
||||
- `CFLAGS`; options for the C compiler command,
|
||||
- `CFLAGS`; options for the C compiler,
|
||||
- `CODESIGN_IDENTITY`: the code signing identity,
|
||||
- `COMMONFLAGS`; common compiler optimization options,
|
||||
- `CPPFLAGS`; options for the C preprocessor,
|
||||
- `DESTDIR`/`DSTROOT`: the destination root directory when installing.
|
||||
- `DSO`; the shared library building command,
|
||||
- `DSOFLAGS`; options for the shared library building command,
|
||||
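Review bot: The added `CODESIGN_IDENTITY` entry separates the name from its description with a colon, while the neighbouring entries (`AR`, `CC`, `CFLAGS`, `CPPFLAGS`, `DSO`) use a semicolon; only `DESTDIR`/`DSTROOT` shares the colon. The entry also does not say which target or platform consumes the identity or what happens when it is unset, which matters for anyone producing signed builds. The wording cleanup is also partial: `ARFLAGS` and `CFLAGS` lose the trailing "command", but `DSOFLAGS` still reads "options for the shared library building command".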
@ -395,4 +396,5 @@ The following standard targets are defined in the makefile:
|
||||
with debug printfs and the clang address sanitizer enabled.
|
||||
- `install`; installs all distribution files in their corresponding locations.
|
||||
- `install-shared`; same as `install` but also installs the shared library.
|
||||
- `macos`; same as `all` but creates a Universal Binary (X64 + ARM64).
|
||||
- `test`; runs the unit test program, building it as needed.
|
||||
|
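Review bot: The new `macos` entry does not say whether the Universal Binary it produces is signed using the `CODESIGN_IDENTITY` variable that this same commit adds to the variable list. If the two are related, say so here ("same as `all` but creates a signed Universal Binary ..."). If they are not, the variable description should name the target that does use it.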
27
SECURITY.md
@ -5,6 +5,25 @@ This file describes how security issues are reported and handled, and what the
|
||||
expectations are for security issues reported to this project.
|
||||
|
||||
|
||||
Reporting a Security Bug
|
||||
------------------------
|
||||
|
||||
For the purposes of this project, a security bug is a software defect that
|
||||
allows a *local or remote user* to gain unauthorized access or privileges on the
|
||||
host computer or to cause the software to crash. Such defects should be
|
||||
reported to the project security advisory page at
|
||||
<https://github.com/michaelrsweet/pdfio/security/advisories>.
|
||||
|
||||
Alternately, security bugs can be reported to "security AT msweet.org" using the
|
||||
PGP public key below. Expect a response within 5 business days. Any proposed
|
||||
embargo date should be at least 30 days and no more than 90 days in the future.
|
||||
|
||||
> *Note:* If you've found a software defect that allows a *program* to gain
|
||||
> unauthorized access or privileges on the host computer or causes the program
|
||||
> to crash, that defect should be reported as an ordinary project issue at
|
||||
> <https://github.com/michaelrsweet/pdfio/issues>.
|
||||
|
||||
|
||||
Responsible Disclosure
|
||||
----------------------
|
||||
|
||||
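Review bot: The routing rule in the new "Reporting a Security Bug" section turns on a distinction the text never defines. The definition and the note use the same wording ("gain unauthorized access or privileges on the host computer", "crash") and differ only in "a *local or remote user*" versus "a *program*". A reporter holding a crash cannot tell from this which channel applies, and the cost of guessing wrong is asymmetric: the note sends the report to the public issue tracker, where it is disclosed before any embargo can be agreed. Suggest adding one sentence that says what separates the two cases, and telling reporters to use the private advisory page when unsure. Separately, "Expect a response within 5 business days" and the 30 to 90 day embargo window now sit in the paragraph about e-mail reports only; state whether they also apply to reports filed through the advisory page.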
@ -50,14 +69,6 @@ example:
|
||||
1.0rc1
|
||||
|
||||
|
||||
Reporting a Vulnerability
|
||||
-------------------------
|
||||
|
||||
Report all security issues to "security AT msweet.org". Expect a response
|
||||
within 5 business days. Any proposed embargo date should be at least 30 days
|
||||
and no more than 90 days in the future.
|
||||
|
||||
|
||||
PGP Public Key
|
||||
--------------
|
||||
|
||||
|
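Review bot: Removing the "Reporting a Vulnerability" heading here, with the replacement section titled "Reporting a Security Bug", changes the section anchor, so existing links that point at the old heading will no longer land on the reporting instructions. The removed text also said "Report all security issues" to the e-mail address, whereas the replacement narrows what counts as a security bug. If that narrowing is intended, the commit message should say so rather than describing the change only as a text update.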