redstrate/astra
1
Fork 0
mirror of https://github.com/redstrate/Astra.git synced 2025-04-25 13:57:45 +00:00
Code Activity
astra/external/libcotp/SECURITY.md

21 lines
908 B
Markdown
Raw Normal View History

Add option to generate OTP codes automatically * This uses the great libcotp library, I stripped it down to fit inside the repository. * This is a security-convenience trade-off, and it's made very clear with the tooltips on the settings page. * It's still secured by your system keychain, and it's up to the users whether that's good enough for them. Eventually down the line I would like to support more esoteric keychains such as Bitwarden or KeePass. * Right now it's only integrated into the auto-login desktop feature, but there will eventually be like an "auto-fill OTP" button in the main window. There's still a lot to clean up with these new features but they work a little at least :-)
2022-08-31 21:19:25 -04:00
# Security Policy
## Supported Versions
The following list describes whether a version is eligible or not for security updates.
| Version | Supported | EOL |
| ------- | ------------------ |-------------|
| 1.2.x | :heavy_check_mark: | - |
| 1.1.x | :x: | 31-Dec-2021 |
| 1.0.x | :x: | 31-Dec-2021 |
## Reporting a Vulnerability
Should you find a vulnerability, please report it privately to me via [e-mail](mailto:paolostivanin@users.noreply.github.com).
The following is the workflow:
- security issue is found, an e-mail is sent to me
- within 24 hours I will reply to your e-mail with some info like, for example, whether it actually is a security issue and how serious it is
- within 7 days I will develop and ship a fix
- once the update is out I will open a [security advisory](https://github.com/paolostivanin/OTPClient/security/advisories)
Copy permalink