Commit

Create SECURITY.md
robertlipe authored Mar 17, 2022
1 parent 9f8c056 commit b9d555b
Showing 1 changed file with 25 additions and 0 deletions.
25 changes: 25 additions & 0 deletions SECURITY.md
@@ -0,0 +1,25 @@
# Security Policy

We are in favor of it. :-)

## Supported Versions

Only the current shipping version and the development trunk are supported.

## Reporting a Vulnerability

File a bugreport at https://github.com/GPSBabel/gpsbabel/issues please.
Include all steps necessary to reproduce.

Hypotheticals like "If a bit in RAM is corrupted between this store and
this load" will be closed. We're a real product that deals in real issues
only.

We are inherently reading untrusted input and often from untrusted
sources, so running a file converter as root on your server is bad. Don't
do that. If you insist on doing it, please run ulimit to minimize the
time and CPU load that can be used. An adversary can hand craft (or just
plain have) a corrupt or malformed file and sending it to you might make
GPSBabel loop forever. We try for that to not happen, but it's a necessary
reality of our job. Our goal is a desktop user converting files that they
control.
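
Review bot: The "Reporting a Vulnerability" section routes every report to the public issue tracker, so full reproduction steps for a crash or hang on untrusted input become public before a fix ships; consider naming a private contact for reports that should not be disclosed immediately, or stating explicitly that public disclosure is the intended policy. In the last paragraph, "please run ulimit" does not say which limits to set; naming them (for example `ulimit -t` for CPU time) would make the advice actionable, and the same paragraph could state that the converter should run as an unprivileged user rather than only saying root is bad. Minor: "bugreport" should be "bug report".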
