jenkins-bot has submitted this change. ( https://gerrit.wikimedia.org/r/c/pywikibot/core/+/1210674?usp=email )
Change subject: doc: Provide security policy with Pywikibot repository ...................................................................... doc: Provide security policy with Pywikibot repository Vulnerability reported by Aydinnyunus in T410755. Bug: T410753 Change-Id: I315eb4d03a162b64b17bd99693760f11fff213dd --- A docs/SECURITY.rst A docs/codeofconduct.rst M docs/index.rst 3 files changed, 32 insertions(+), 1 deletion(-) Approvals: Xqt: Looks good to me, approved jenkins-bot: Verified diff --git a/docs/SECURITY.rst b/docs/SECURITY.rst new file mode 100644 index 0000000..221ba18 --- /dev/null +++ b/docs/SECURITY.rst 
@@ -0,0 +1,29 @@ +************************* +Pywikibot Security Policy +************************* + +Reporting a Vulnerability +========================= +To report a security vulnerability in Pywikibot, please contact the maintainers via `Phabricator +task <https://phabricator.wikimedia.org/maniphest/task/edit/form/75/>`_ or via email at +**[email protected]**. We will acknowledge receipt of your report within 2 business days +and aim to provide a resolution within 30 days, depending on the severity of the issue. + +Security Updates +================ +Pywikibot supports security updates for the latest stable release. Older versions may not receive +security updates. Security updates will be made available through PyPI, the nightlies dump, the +gerrit repository and the GitHub mirror. Users are advised to upgrade to the latest version to +mitigate potential vulnerabilities. + +Disclosure Policy +================= +We follow a responsible disclosure process. After a vulnerability is fixed, we will publish a +security advisory detailing the issue and the steps taken to resolve it. The advisory will be +available on the GitHub repository and communicated to users through the mailing list. + +Security Resources +================== +- GitHub Security Advisories: https://docs.github.com/en/github/managing-security-vulnerabilities/creating-a-security-advisory +- PyPI Security: https://pypi.org/security/ +- MediaWiki Security for Developers: https://www.mediawiki.org/wiki/Security_for_developers diff --git a/docs/codeofconduct.rst b/docs/codeofconduct.rst new file mode 100644 index 0000000..96e0ba2 --- /dev/null +++ b/docs/codeofconduct.rst @@ -0,0 +1 @@ +.. include:: ../CODE_OF_CONDUCT.rst diff --git a/docs/index.rst b/docs/index.rst index f1c0712..9083e42 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -55,7 +55,7 @@ global_options faq getting_help - + SECURITY .. toctree:: :maxdepth: 1 
@@ -75,6 +75,7 @@ scripts_ref/index utilities/install tests_ref/index + codeofconduct .. toctree:: :maxdepth: 1 -- To view, visit https://gerrit.wikimedia.org/r/c/pywikibot/core/+/1210674?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.wikimedia.org/r/settings?usp=email Gerrit-MessageType: merged Gerrit-Project: pywikibot/core Gerrit-Branch: master Gerrit-Change-Id: I315eb4d03a162b64b17bd99693760f11fff213dd Gerrit-Change-Number: 1210674 Gerrit-PatchSet: 4 Gerrit-Owner: Xqt <[email protected]> Gerrit-Reviewer: JJMC89 <[email protected]> Gerrit-Reviewer: Ladsgroup <[email protected]> Gerrit-Reviewer: Reedy <[email protected]> Gerrit-Reviewer: Xqt <[email protected]> Gerrit-Reviewer: jenkins-bot Gerrit-CC: SBassett <[email protected]>
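Review bot: In docs/SECURITY.rst, "Reporting a Vulnerability" points reporters to a Phabricator task form or an email address but does not say whether a report filed through that form is access-restricted or publicly visible. Because "Disclosure Policy" promises an advisory only after a fix, add a sentence stating that reports made through the linked form are not public (or, if they are, that the email address is the only channel) and asking reporters not to post details in public tasks before the fix is released. "Disclosure Policy" should also name the mailing list that receives the advisory, since "the mailing list" is ambiguous.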
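Review bot: In the first docs/index.rst hunk, the new toctree entry SECURITY is uppercase while its neighbours (global_options, faq, getting_help) are lowercase, so the generated page name will differ in case from the rest of that section. Consider a lowercase docs/security.rst, or a lowercase wrapper that includes the policy file, the way docs/codeofconduct.rst wraps ../CODE_OF_CONDUCT.rst in this same change. Since the hunk replaces the line that preceded the next ".. toctree::" directive, also confirm that a blank line still separates the new entry from that directive.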
