Add project-level security policy

[lepras]

Feature idea

I think you are the only guys who are maintaining an android Keyboard regularly. (Maybe Graphene OS but that's just bare bones AOSP)

As keyboard is atleast a ring 1 app you should have a github and project level security and/or privacy policy.

https://wiki.yoctoproject.org/wiki/SECURITY_file

https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository

Examples:

https://github.com/M66B/FairEmail/blob/master/PRIVACY.md

https://github.com/M66B/FairEmail/blob/master/SECURITY.md

I think you should pin this issue, but ofcourse yk better.

[patrickgold]

Thanks for your proposal!

There's already a privacy policy on the official project website, see here: https://florisboard.org/legal/privacy/

As for the SECURITY.md, we could consider better defining how to report security vulnerabilities, will rename your issue accordingly.

[lepras]

Should have a privacy.md in the repo itself, but ofc you are the final judge.

…

-------- Original Message --------

On 5/2/24 5:19 PM, Patrick Goldinger wrote: Thanks for your proposal! There's already a privacy policy on the official project website, see here: https://florisboard.org/legal/privacy/ As for the SECURITY.md, we could consider better defining how to report security vulnerabilities, will rename your issue accordingly. — Reply to this email directly, [view it on GitHub](#2466 (comment)), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/A2E3WMCLFEJS3TCZLAV6FLDZAIR3JAVCNFSM6AAAAABHDRNEOKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOJQGMYDKMZVGA). You are receiving this because you authored the thread.Message ID: ***@***.***>