a fork of iceshrimp.net but a tweaked frontend to my personal liking. waow
fediverse
social-media
social
iceshrimp
fedi
[docs] Update SECURITY.md
+2
+2
SECURITY.md
+2
SECURITY.md
···
5
5
- Send your PGP key to security@iceshrimp.dev. After secure communication is established, send us the vulnerability details as an encrypted message.
6
6
7
7
This will allow us to assess the risk & make a fix available before the vulnerability is disclosed publicly.
8
+
9
+
Note that in the case of coordinated disclosure, once the severity has been established to be high/critical & patches are ready, we will set a cutoff date (within reason) at which point we'll release the patches regardless of the state of the coordinated disclosure. This is to prevent excessive delays caused by bikeshedding or similar behavior by coordination partners.