mirror of
https://github.com/termux-pacman/termux-packages.git
synced 2026-01-09 12:23:23 +00:00
22 lines
1.2 KiB
Markdown
22 lines
1.2 KiB
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
The Termux-Pacman organization provides packages that work in `android 7+`, as well as signatures for packages that are built with the latest version of `gpg`.
|
|
**NOTE:** not all packages are signed.
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
The Termux-Pacman organization deals with vulnerability issues in the following cases:
|
|
- If a vulnerability has been found in our services.
|
|
- If a vulnerability was found in package signatures.
|
|
- If the package has not been updated in which the vulnerability of the package is fixed.
|
|
|
|
The Termux-Pacman organization does not deal with the issue of fixing the vulnerability in the packages themselves, but we are ready to help the creator/organization know about the vulnerability in their packages.
|
|
|
|
To report a vulnerability, you must send an email to [pacman@termux.dev](mailto:pacman@termux.dev) with the following information:
|
|
- Subject must begin with the text `[Reporting Vulnerability]`.
|
|
- Provide proof or detailed information about the vulnerability.
|
|
|
|
Without this, the email may not be seen immediately or be ignored. Once submitted, your email will be reviewed to confirm the vulnerability. If a vulnerability has been confirmed, then steps will be taken to fix the vulnerability.
|