Original file line number Diff line number Diff line change 11# Default owners for the whole repository
2- * @ TheCodeVerseHub/core
2+ # NOTE: GitHub team handles are case-insensitive but must match the team slug.
3+ * @ TheCodeVerseHub/codeverse-linux-distro @ TheCodeVerseHub/distro-maintainers
34
4- # Area ownership (keep these lightweight and practical)
5- /docs / @ TheCodeVerseHub/core
6- /scripts / @ TheCodeVerseHub/core
7- /configs / @ TheCodeVerseHub/core
8- /iso / @ TheCodeVerseHub/core
9- /pkgbuild / @ TheCodeVerseHub/core
10- /src / @ TheCodeVerseHub/core
5+ # Ownership by area
6+ /.github / @ TheCodeVerseHub/distro-maintainers
7+ /SECURITY.md @ TheCodeVerseHub/distro-maintainers
8+
9+ /docs / @ TheCodeVerseHub/documentation
10+
11+ /scripts / @ TheCodeVerseHub/distro-maintainers
12+ /configs / @ TheCodeVerseHub/distro-maintainers
13+ /iso / @ TheCodeVerseHub/distro-maintainers
14+ /pkgbuild / @ TheCodeVerseHub/distro-maintainers
15+ /src / @ TheCodeVerseHub/distro-maintainers
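Review bot: the catch-all `*` entry on new line 3 lists TheCodeVerseHub/codeverse-linux-distro, a handle that no path-specific rule uses and that reads like a repository name rather than a team. Please confirm it is a real team slug with write access to this repository, because GitHub assigns no code owner for an entry that does not resolve; the comment added on new line 2 states the same requirement. Also note that the last matching pattern wins in CODEOWNERS, so with the rules on new lines 6 to 15 the `*` owners only apply to files outside those paths, and changes under /docs/ will request review from the documentation team alone. If distro-maintainers should still see documentation changes, list both teams on the /docs/ line.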
Original file line number Diff line number Diff line change 11# Security Policy
22
3- ## Reporting a vulnerability
3+ ## How to report vulnerabilities
44
5- Please report security issues ** privately** .
6-
7- Preferred:
5+ Preferred (private):
86
97- Use GitHub ** Security Advisories** ("Report a vulnerability" in the Security tab).
108
11- If you cannot use private reporting:
9+ Fallback (public):
10+
11+ - Open a GitHub issue ** without sensitive details** and request a move to a private channel.
1212
13- - Open a GitHub issue ** without sensitive details ** and ask for a private contact .
13+ Do not post secrets, exploit code, or private user data in public issues .
1414
1515## What to include
1616
1717- Affected component (e.g. installer, ISO build scripts, configs)
18- - Reproduction steps or proof-of-concept
18+ - Reproduction steps or a minimal proof-of-concept
1919- Impact assessment (what could an attacker do?)
2020
2121## Response expectations
2222
23- We aim to acknowledge reports within a reasonable time and will coordinate a fix and disclosure timeline with the reporter when appropriate.
23+ We aim to acknowledge reports within a reasonable time and coordinate a fix and disclosure timeline with the reporter when appropriate.
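Review bot: the new "Fallback (public):" label on new line 9 drops the condition from the removed line "If you cannot use private reporting:", and the hunk also deletes "Please report security issues **privately**.", so the policy no longer says that a public issue is only for reporters who cannot use Security Advisories. Suggest keeping the condition in the label, for example "Fallback (only if private reporting is unavailable):", and keeping one sentence stating that private reporting is expected. Separately, new line 23 still promises acknowledgement "within a reasonable time"; a concrete window would give reporters something to plan a disclosure timeline around.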