The Greenpill Dev Guild is dedicated to maintaining the security and privacy of our projects and user data. This document outlines our security practices and provides guidance on how to report potential vulnerabilities. We encourage everyone to responsibly disclose security vulnerabilities to help us protect our projects and our community.
We currently support the latest major and minor versions of each project unless otherwise specified. For unsupported versions, security updates may not be provided.
Project | Supported Version | End-of-Life Policy |
---|---|---|
Green Goods | Latest Version | N/A for legacy versions, patches for critical issues only |
Impact Reef | Latest Version | N/A for legacy versions, patches for critical issues only |
Allo Yeeter | Latest Version | N/A for legacy versions, patches for critical issues only |
GreenWill | Latest Version | N/A for legacy versions, patches for critical issues only |
Greenpill Commons | Latest Version | N/A for legacy versions, patches for critical issues only |
If you identify a potential security vulnerability in any of our repositories, please follow these steps:
- Contact: Email the issue details to our security team at [[email protected]].
  - Include a detailed description of the vulnerability, the affected component(s), and the potential impact.
  - Provide steps to reproduce the issue if possible.
- Acknowledgment: We will acknowledge receipt of your report within 3 business days and begin assessing the report.
- Investigation and Remediation: We aim to address valid security issues promptly and will keep you updated on our investigation status.
  - Critical issues will receive immediate attention, while minor vulnerabilities will be addressed in due course.
- Responsible Disclosure: We request that you give us a reasonable time to address the issue before disclosing it publicly.
We implement the following security practices:
- Access Control: We enforce strict access control measures to ensure only authorized contributors can modify critical repositories.
- Dependency Management: We regularly update dependencies and run automated vulnerability scans on them.
- Code Review: Code changes undergo peer review to identify potential vulnerabilities before merging into main branches.
- Continuous Monitoring: We utilize GitHub security tools (e.g., Dependabot, Code Scanning) to monitor for potential vulnerabilities.
If you have questions about this policy or need further information:
- Security Team Contact: [[email protected]]
- Repository Bounty Guidelines: Refer to the Greenpill Dev Guild bounty guidelines for additional context on responsible development practices.