github.com/swiftstack/ProxyFS@v0.0.0-20210203235616-4017c267d62f/SECURITY.md

# ProxyFS Security

We take the security of this project seriously. Like any complex
system, security must be vigilantly pursued. We need your help.

## How to report security issues

If you believe you've identified a vulnerability, please work with the
project maintainers to fix and disclose the issue responsibly. Email
security@swiftstack.com and include the following details in your
report:

* Description of the location and potential impact of the vulnerability
* Description of the steps required to reproduce the vulnerability
  (POC scripts, screenshots, and compressed screen captures are
  all helpful to us)

We will monitor this email address and promptly respond to any
vulnerabilities reported.

## How to propose and review a security patch

Note: The patch development and review process for security issues is
different than normal patches in ProxyFS. Because the GitHub issue
process is public, all security bugs must have patches proposed to and
reviewed via the security email address above.

After a patch for the reported bug has been developed locally, you the
patch author need to share that with the community. This is a simple
process, but it is different than the normal ProxyFS workflow.

* Export it using the `format-patch` command:

  ```
  git format-patch --stdout HEAD~1 >path/to/local/file.patch
  ```

  Now you have the patch saved locally and you can attach it to an email.

* For reviewers, to review the attached patch, run the following command:

  ```
  git am <path/to/local/file.patch
  ```

  This applies the patch locally as a commit, including the commit
  message and all other metadata. However, if the patch author did not
  use `format-patch` to export the patch (perhaps they used
  `git show >local.patch`), then the patch can be applied locally with:

  ```
  git apply path/to/local/file.patch
  ```