mirror of
https://github.com/redstrate/Astra.git
synced 2025-04-22 20:47:45 +00:00
* This uses the great libcotp library, I stripped it down to fit inside the repository.
* This is a security-convenience trade-off, and it's made very clear with the tooltips on the settings page.
* It's still secured by your system keychain, and it's up to the users whether that's good enough for them. Eventually down the line I would like to support more esoteric keychains such as Bitwarden or KeePass.
* Right now it's only integrated into the auto-login desktop feature, but there will eventually be like an "auto-fill OTP" button in the main window.

There's still a lot to clean up with these new features but they work a little at least :-)
18 lines
823 B
Markdown
# Security Policy
## Supported Versions
The following table lists which versions are eligible for security updates.
| Version | Supported          | EOL |
| ------- | ------------------ | --- |
| 1.0.x   | :heavy_check_mark: | -   |
## Reporting a Vulnerability
Should you find a vulnerability, please report it privately to me via [e-mail](mailto:paolostivanin@users.noreply.github.com).

The following is the workflow:

- a security issue is found and an e-mail is sent to me
- within 24 hours I will reply to your e-mail with some information, for example whether it actually is a security issue and how serious it is
- within 7 days I will develop and ship a fix
- once the update is out I will open a [security advisory](https://github.com/paolostivanin/OTPClient/security/advisories)