From 3b23af5cc6e9eca80798940675a5bcf79284ba9f Mon Sep 17 00:00:00 2001 From: James Edington Administrator Date: Thu, 15 Feb 2024 20:07:51 -0600 Subject: [PATCH] Github doesn't like RST --- SECURITY.rst => SECURITY.md | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) rename SECURITY.rst => SECURITY.md (76%) diff --git a/SECURITY.rst b/SECURITY.md similarity index 76% rename from SECURITY.rst rename to SECURITY.md index 6a912764..037e8e7b 100644 --- a/SECURITY.rst +++ b/SECURITY.md @@ -1,16 +1,12 @@ -Security Policy -=============== +# Security Policy -Supported Versions ------------------- +## Supported Versions -* ``0.6.X`` +* `0.6.X` -Reporting a Vulnerability -------------------------- +## Reporting a Vulnerability -Vulnerabilities in the actual algorithms -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +### Vulnerabilities in the actual algorithms First, check to see if upstream has issued any updates, and open a ticket with them if necessary according to their policy: @@ -33,14 +29,12 @@ If they claim no patch is available, you may have to escalate: If upstream has already issued an update, but we have not included it, please open a ticket on the issue tracker about that. -Vulnerabilities in the bindings -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +### Vulnerabilities in the bindings If the vulnerability is *not* with the actual algorithms, but with our Python bindings, please open a ticket on the issue tracker about that. -Reporting a Supply-Chain Compromise ------------------------------------ +## Reporting a Supply-Chain Compromise If you believe some element of the supply chain has been compromised (e.g. pypqc has merged fake commits, or the PyPI project page has been
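Review bot: the two hunks convert only the headings and the `0.6.X` bullet, while old lines 17 to 32, which sit between the hunks and follow "according to their policy:", are carried over unchanged. Any RST-only markup in that span (link or directive syntax) would now render literally in SECURITY.md, so please confirm it is valid Markdown or convert it in this commit. The diffstat also shows 1 file changed, so any remaining reference to SECURITY.rst elsewhere in the repository (README, packaging manifest) would be left pointing at a file that no longer exists; worth a grep before merging.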