README updates and collateral
Lukasa committed Mar 1, 2023
1 parent f3aa24b commit 82a9957
Showing 3 changed files with 68 additions and 1 deletion.
4 changes: 4 additions & 0 deletions .spi.yml
@@ -0,0 +1,4 @@
version: 1
builder:
configs:
- documentation_targets: [SwiftASN1]
21 changes: 20 additions & 1 deletion README.md
Expand Up @@ -29,4 +29,23 @@ These moving pieces combine to provide support for the DER representation of ASN

## Getting Started

Consult the documentation for examples of how to use the code. A number of examples are also present in the repository itself.
To use swift-asn1, add the following dependency to your Package.swift:

```swift
dependencies: [
.package(url: "https://github.com/apple/swift-asn1.git", upToNextMinor(from: "0.6.0"))
]
```

Note that this repository does not have a 1.0 tag yet, so the API is not stable.

You can then add the specific product dependency to your target:

```swift
dependencies: [
.product(name: "SwiftASN1", package: "swift-asn1"),
]
```

Consult [the documentation](https://swiftpackageindex.com/apple/swift-asn1/main/documentation/swiftasn1) for
examples of how to use the code. A number of examples are also present in the repository itself.
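Review bot: The version requirement in the first Package.swift snippet is written `upToNextMinor(from: "0.6.0")` without its leading dot, so the line will not compile when pasted into a manifest; it should read `.package(url: "https://github.com/apple/swift-asn1.git", .upToNextMinor(from: "0.6.0"))`. The sentence about there being no 1.0 tag yet could also say outright that this is why the snippet pins to the next minor version, so readers do not loosen the requirement to a plain `from:` while the API is still unstable.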
44 changes: 44 additions & 0 deletions SECURITY.md
@@ -0,0 +1,44 @@
# Security

This document specifies the security process for the Swift ASN1 project.

## Disclosures

### Private Disclosure Process

The Swift ASN1 core team asks that known and suspected vulnerabilities be
privately and responsibly disclosed by emailing
[sswg-security-reports@forums.swift.org](mailto:sswg-security-reports@forums.swift.org)
with all the required detail.
**Do not file a public issue.**

#### When to report a vulnerability

* You think you have discovered a potential security vulnerability in Swift ASN1.
* You are unsure how a vulnerability affects Swift ASN1.

#### What happens next?

* A member of the team will acknowledge receipt of the report within 3
working days (United States). This may include a request for additional
information about reproducing the vulnerability.
* We will privately inform the Swift Server Work Group ([SSWG][sswg]) of the
vulnerability within 10 days of the report as per their [security
guidelines][sswg-security].
* Once we have identified a fix we may ask you to validate it. We aim to do this
within 30 days. In some cases this may not be possible, for example when the
vulnerability exists at the protocol level and the industry must coordinate on
the disclosure process.
* If a CVE number is required, one will be requested from [MITRE][mitre]
providing you with full credit for the discovery.
* We will decide on a planned release date and let you know when it is.
* Prior to release, we will inform major dependents that a security-related
patch is impending.
* Once the fix has been released we will publish a security advisory on GitHub
and the [SSWG][sswg] will announce the vulnerability on the [Swift
forums][swift-forums-sec].

[sswg]: https://github.com/swift-server/sswg
[sswg-security]: https://github.com/swift-server/sswg/blob/main/process/incubation.md#security-best-practices
[swift-forums-sec]: https://forums.swift.org/c/server/security-updates/
[mitre]: https://cveform.mitre.org/
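Review bot: The Private Disclosure Process paragraph asks reporters to email "with all the required detail" but nothing in the file says what that detail is; a short list (affected version or commit, a minimal reproducer such as the offending DER input, and the observed impact) would cut down on the follow-up round trip that the first "What happens next?" bullet already anticipates. The timelines also mix units: the acknowledgement is "3 working days (United States)" while "within 10 days" and "within 30 days" do not say whether they are working or calendar days, and stating that explicitly would make the commitments checkable.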
