mirror of
https://github.com/michaelrsweet/pdfio.git
synced 2024-12-27 05:48:20 +01:00
Update security reporting and contribution text.
This commit is contained in:
parent
74a6fb1860
commit
4630060ee7
@ -118,7 +118,7 @@ the source file and the copyright and licensing notice:
|
|||||||
//
|
//
|
||||||
// Description of file contents.
|
// Description of file contents.
|
||||||
//
|
//
|
||||||
// Copyright YYYY by AUTHOR.
|
// Copyright © YYYY by AUTHOR.
|
||||||
//
|
//
|
||||||
// Licensed under Apache License v2.0. See the file "LICENSE" for more
|
// Licensed under Apache License v2.0. See the file "LICENSE" for more
|
||||||
// information.
|
// information.
|
||||||
@ -330,7 +330,7 @@ typedef, for example:
|
|||||||
|
|
||||||
All constant names are uppercase with underscores between words, e.g.,
|
All constant names are uppercase with underscores between words, e.g.,
|
||||||
`PDFIO_THIS_CONSTANT`, `PDFIO_THAT_CONSTANT`, etc. Constants begin with the
|
`PDFIO_THIS_CONSTANT`, `PDFIO_THAT_CONSTANT`, etc. Constants begin with the
|
||||||
"PDFio\_" prefix to avoid conflicts with system constants. Private constants
|
"PDFIO\_" prefix to avoid conflicts with system constants. Private constants
|
||||||
start with an underscore, e.g., `_PDFIO_THIS_CONSTANT`,
|
start with an underscore, e.g., `_PDFIO_THIS_CONSTANT`,
|
||||||
`_PDFIO_THAT_CONSTANT`, etc.
|
`_PDFIO_THAT_CONSTANT`, etc.
|
||||||
|
|
||||||
@ -369,11 +369,12 @@ extensions MUST NOT be used.
|
|||||||
The following variables are defined in the makefile:
|
The following variables are defined in the makefile:
|
||||||
|
|
||||||
- `AR`; the static library archiver command,
|
- `AR`; the static library archiver command,
|
||||||
- `ARFLAGS`; options for the static library archiver command,
|
- `ARFLAGS`; options for the static library archiver,
|
||||||
- `CC`; the C compiler command,
|
- `CC`; the C compiler command,
|
||||||
- `CFLAGS`; options for the C compiler command,
|
- `CFLAGS`; options for the C compiler,
|
||||||
- `CODESIGN_IDENTITY`: the code signing identity,
|
- `CODESIGN_IDENTITY`: the code signing identity,
|
||||||
- `COMMONFLAGS`; common compiler optimization options,
|
- `COMMONFLAGS`; common compiler optimization options,
|
||||||
|
- `CPPFLAGS`; options for the C preprocessor,
|
||||||
- `DESTDIR`/`DSTROOT`: the destination root directory when installing.
|
- `DESTDIR`/`DSTROOT`: the destination root directory when installing.
|
||||||
- `DSO`; the shared library building command,
|
- `DSO`; the shared library building command,
|
||||||
- `DSOFLAGS`; options for the shared library building command,
|
- `DSOFLAGS`; options for the shared library building command,
|
||||||
@ -395,4 +396,5 @@ The following standard targets are defined in the makefile:
|
|||||||
with debug printfs and the clang address sanitizer enabled.
|
with debug printfs and the clang address sanitizer enabled.
|
||||||
- `install`; installs all distribution files in their corresponding locations.
|
- `install`; installs all distribution files in their corresponding locations.
|
||||||
- `install-shared`; same as `install` but also installs the shared library.
|
- `install-shared`; same as `install` but also installs the shared library.
|
||||||
|
- `macos`; same as `all` but creates a Universal Binary (X64 + ARM64).
|
||||||
- `test`; runs the unit test program, building it as needed.
|
- `test`; runs the unit test program, building it as needed.
|
||||||
|
27
SECURITY.md
27
SECURITY.md
@ -5,6 +5,25 @@ This file describes how security issues are reported and handled, and what the
|
|||||||
expectations are for security issues reported to this project.
|
expectations are for security issues reported to this project.
|
||||||
|
|
||||||
|
|
||||||
|
Reporting a Security Bug
|
||||||
|
------------------------
|
||||||
|
|
||||||
|
For the purposes of this project, a security bug is a software defect that
|
||||||
|
allows a *local or remote user* to gain unauthorized access or privileges on the
|
||||||
|
host computer or to cause the software to crash. Such defects should be
|
||||||
|
reported to the project security advisory page at
|
||||||
|
<https://github.com/michaelrsweet/pdfio/security/advisories>.
|
||||||
|
|
||||||
|
Alternately, security bugs can be reported to "security AT msweet.org" using the
|
||||||
|
PGP public key below. Expect a response within 5 business days. Any proposed
|
||||||
|
embargo date should be at least 30 days and no more than 90 days in the future.
|
||||||
|
|
||||||
|
> *Note:* If you've found a software defect that allows a *program* to gain
|
||||||
|
> unauthorized access or privileges on the host computer or causes the program
|
||||||
|
> to crash, that defect should be reported as an ordinary project issue at
|
||||||
|
> <https://github.com/michaelrsweet/pdfio/issues>.
|
||||||
|
|
||||||
|
|
||||||
Responsible Disclosure
|
Responsible Disclosure
|
||||||
----------------------
|
----------------------
|
||||||
|
|
||||||
@ -50,14 +69,6 @@ example:
|
|||||||
1.0rc1
|
1.0rc1
|
||||||
|
|
||||||
|
|
||||||
Reporting a Vulnerability
|
|
||||||
-------------------------
|
|
||||||
|
|
||||||
Report all security issues to "security AT msweet.org". Expect a response
|
|
||||||
within 5 business days. Any proposed embargo date should be at least 30 days
|
|
||||||
and no more than 90 days in the future.
|
|
||||||
|
|
||||||
|
|
||||||
PGP Public Key
|
PGP Public Key
|
||||||
--------------
|
--------------
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user