maestro/docs/SECURITY.draft.md
oss-sync d061ad08d8
sync: update from private repo (e62f5c7)
2026-06-11 01:52:48 +00:00

Security Policy (DRAFT stub — see oss/overlay/SECURITY.md)

The authoritative security policy is oss/overlay/SECURITY.md, which ships publicly as SECURITY.md. It covers:

  • Supported versions (latest release + main).
  • Private vulnerability reporting (no public issues for undisclosed vulns; use the host's private reporting feature or contact the owner; 7-day ack).
  • Deployment baseline (localhost until OAuth, TLS reverse proxy, safety.bash_sandbox: always, secret hygiene, /metrics restriction, tool/integration review).

No separate top-level SECURITY.md is needed. Delete this draft after confirming the overlay policy.