SECURITY.md
# Security Policy
## Supported Versions
We generally support fixing security issues in all sensible releases.
We _may_ decide not to fix them in very old releases, though.
## Reporting a Vulnerability
If you’ve found a security issue in one of our packages, please send
us an email to `development [at] orca.ch` instead of using the normal
bug reporting system or any other form of notification.
Once we receive a vulnerability report, we first confirm to the reporter
that we simply received the report.
Next, for each report, we try to confirm the vulnerability.
Once confirmed, we will do the following:
* Acknowledge to the reporter that we’ve confirmed the issue, and are
working on a fix. We ask the reporter to keep the issue confidential
until we announce a solution.
* Get a fix/patch or workaround/guidance prepared.
* Release new versions of all affected versions, if applicable.
* Prominently feature the problem in the release description, if
applicable.