mirror of
https://gitlab.gnome.org/GNOME/libxml2.git
synced 2026-01-26 21:41:34 +03:00
readme: Write a more positive Security section
This patch changes the security section in the README.md file to give more information. This removes the "unmaintained" text, as this project is maintained again. It also makes it clear that this is a community project, so anyone will know what to expect, and it also makes explicit that developers are volunteers and will work on the issues that they want, as an attempt to avoid pressure from bug reporters. The message tries to be positive, promoting collaboration instead of conflict. The idea is to make it clear that collaboration is welcome and the way to go is to do it yourself instead of asking the maintainers to do it for you.
Committed by Iván Chavero
Parent: 160c8a43ba
Commit: 0704f52ea4
26
README.md
@@ -21,9 +21,29 @@ This code is released under the MIT License, see the Copyright file.
|
||||
|
||||
## Security
|
||||
|
||||
This project is unmaintained and has
|
||||
[known security issues](https://gitlab.gnome.org/GNOME/libxml2/-/issues/346).
|
||||
It is foolish to use this software to process untrusted data.
|
||||
This is open-source software written by hobbyists and maintained by
|
||||
volunteers.
|
||||
|
||||
It's NOT recommended to use this software to process **untrusted data**.
|
||||
There is a lot of ways that a malicious crafted xml could exploit a
|
||||
hidden vulnerability in the software.
|
||||
|
||||
The software is provided "as is", without warranty of any kind,
|
||||
express or implied. Use this software at your own risk.
|
||||
|
||||
To **report security bugs**, you can create a confidential issue with
|
||||
the "security" label. We will review and work on it as a best effort.
|
||||
But remember that this is a community project, maintained by volunteer
|
||||
developers, so if you are concern about any important security bug
|
||||
that's critical for you, feel free to collaborate and provide a patch.
|
||||
|
||||
The main rule is to be kind. Do not pressure developers to fix a CVE
|
||||
or to work on a functionality that you need, because that won't work.
|
||||
This is a community project, developers will work in the issues that
|
||||
they consider interesting and when they want. All contributions are
|
||||
welcome, so if something is important for you, you can always get
|
||||
involved, implement it yourself and be part of the open source
|
||||
community.
|
||||
|
||||
## Build instructions
|
||||
|
||||
|
||||
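Review bot: The replacement text drops the removed line's link to the known security issues (issue 346) while still telling readers not to process untrusted data, so the warning at "It's NOT recommended to use this software to process **untrusted data**" no longer points to anything concrete. Either keep the link or state what the current status of those issues is. The reporting paragraph says to create a confidential issue with the "security" label but does not say where; a link to the project's issue tracker would make that actionable. Wording: "There is a lot of ways that a malicious crafted xml could exploit" reads better as "There are many ways that maliciously crafted XML could exploit", "if you are concern about" should be "if you are concerned about", and "will work in the issues" should be "will work on the issues".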