SECURITY.md

Security Policy

2024-09-24 Status: At this time there are no code releases for which there need be any vulnerability and exploit concerns.

Current repository content consists of text files and web documentation of an experimental/provisional nature with limited use of SML for proofs-of-concept.

Most considerations of errors and defects can be handled using the project Issues and Discussion topics. Pull-requests are unwarranted at this time.

Supported Versions

Version Supported
none

Reporting a Vulnerability

Please confine vulnerability reporting to Orcmid on GitHub projects that have supported releases.

To privately report an exploitable vulnerability or exposed threat-surface that pertains to the Miser Project, however unlikely, use the GitHub vulnerability reporting provision of the Miser Project Security tab.

If you are unable to exercise that capability, or prefer private email communication, send a digitally-signed plaintext email to orcmid.

If you have reservations about email security/privacy, enclose an ASCII-armored file PGP-encrypted using the orcmid Apache public key.

Finally, if you wish encrypted responses, sign that message before encryption in order for your public key to be available for that purpose.

Exclusion of Forked/Cloned Projects

When the Miser Project is forked/cloned using GitHub, the README.md and SECURITY.md files will be included. So long as synchronized updates from the Miser Project are desired in a GitHub fork, all development should occur on a separate and fork-distinct branch.

For independent releases of a fork/clone-based project, it must be clear that there is no support commitment at the Miser Project and the Security Policy does not extend to the fork/clone. Independent release branches from a GitHub fork/clone should carry versions of README.md, SECURITY.md, LICENSE.txt, and NOTICE.txt, if any, that prevent confusion with supported Miser Project code. Attribution to the Miser Project origin is expected, in compliance with the Miser Project license.