Nekmo/pip-rating

SECURITY.rst

Security Policy
===============
This file explains how to report security flaws in pip-rating. A security flaw is a bug that
can be exploited to compromise the security of the system. To report bugs that do not compromise security,
report them `using an issue <https://github.com/Nekmo/pip-rating/actions>`_.

Supported Versions
------------------
Currently pip-rating only supports the latest version available. If you find a security flaw in a previous version,
please report it, but we don't guarantee that it will be fixed with a patch version. However, we will report it to the
users of the previous version. If the flaw is in the latest version, we will fix it as soon as possible.

Reporting a Vulnerability
-------------------------
To report a vulnerability, please send an email to *security [at] nekmo.com* with the following information:

- A description of the vulnerability.
- The version of pip-rating affected.
- The steps to reproduce the vulnerability.
- The possible impact of the vulnerability.

We will try to answer you as soon as possible, but we cannot guarantee a response time. If your vulnerability is
accepted, we will contact you to keep you informed of the progress of the solution. If it is rejected, we will also
contact you to explain the reasons. If you do not receive a response within a reasonable time, please contact us again.

Everyone who reports a vulnerability will be mentioned in the changelog of the version in which it is fixed,
unless they request otherwise. If you want to remain anonymous, please say so in the email.