external/secretive
1
0
Fork 0
mirror of https://github.com/maxgoedjen/secretive.git synced 2025-08-31 01:20:57 +00:00
Code Issues Projects Releases Wiki Activity
741281d1a3
secretive/SECURITY.md

1.3 KiB
Raw Blame History

Security Policy

Security Principles

Secretive is designed with a few general tenets in mind:

It's Hard to Leak a Key Secretive Can't Read The Key Material

Secretive only operates on hardware-backed keys. In general terms, this means that it should be very hard for Secretive to have any sort of bug that causes a key to be shared, because Secretive can't access private key data even if it wants to.

Simplicity and Auditability

Secretive won't expand to have every feature it could possibly have. Part of the goal of the app is that it is possible for consumers to reasonably audit the code, and that often means not implementing features that might be cool, but which would significantly inflate the size of the codebase.

Dependencies

Both in support of the previous principle and to rule out supply chain attacks, Secretive does not rely on any third party dependencies.

There are limited exceptions to this, particularly in the build process, but the app itself does not depend on any third party code.

Supported Versions

The latest version on the Releases page is the only currently supported version.

Reporting a Vulnerability

If you discover any vulnerabilities in this project, please notify max.goedjen@gmail.com with the subject containing "SECRETIVE SECURITY."