Skip to content

Security: Reality2byte/pdm

Security

SECURITY.md

Security Policy

Supported Versions

Use this section to tell people about which versions of your project are currently being supported with security updates.

Version Supported
Latest minor version
Otherwise

Reporting a Vulnerability

If you discover a potential security vulnerability, we kindly request that you refrain from sharing the information publicly and report it to us directly. Please send an email to [email protected] with the following details:

  • Description of the potential vulnerability.
  • Steps to reproduce the issue (if applicable).
  • Any relevant screenshots or logs.
  • Your contact information for further communication.

Alternatively, you can open a security advisory on GitHub.

Response Time

Upon receiving your report, the maintainers will acknowledge receipt of your vulnerability report within 2 business days. We will then review the reported issue and strive to keep you informed about our progress towards resolving it. You can expect an update from us at least every 5 days until the issue is resolved.

Vulnerability Validation

The maintainers will assess the reported vulnerability and validate its existence. This process may involve a request for additional information from you. If the vulnerability is confirmed, we will classify it based on its severity and potential impact.

If your reported vulnerability is validated and leads to a change in our systems, we will acknowledge your contribution in any public disclosure, unless you request anonymity. Otherwise, if the reported issue is not accepted as a vulnerability, we will provide a detailed explanation as to why we believe it does not pose a risk to our systems or users. We value all reports and encourage you to continue to report any potential vulnerabilities you may find in the future.

There aren’t any published security advisories