Commit Graph

9 Commits

Author SHA1 Message Date
Daniel Stenberg
a18680f501
VULN-DISCLOSURE-POLICY.md: small typo fix 2024-08-05 17:15:31 +02:00
Daniel Stenberg
b715bb371c
VULN-DISCLOSURE-POLICY: NULL dereferences and crashes
If a malicious server can trigger a NULL dereference in curl or
otherwise cause curl to crash (and nothing worse), chances are big that
we do not consider that a security problem.

Closes #13974
2024-06-19 12:53:35 +02:00
Daniel Stenberg
86d33001e4
reuse: add copyright + license info to individual docs/*.md files
Instead of use 'docs/*.md' in dep5. For clarity and avoiding a wide-
matching wildcard.

+ Remove mention of old files from .reuse/dep5
+ add info to .github/dependabot.yml
+ make scripts/copyright.pl warn on non-matching patterns

Closes #13245
2024-03-31 12:01:18 +02:00
Daniel Stenberg
39173f66e5
VULN-DISCLOSURE-POLICY.md: update detail about CVE requests
curl is a CNA now

Closes #13088
2024-03-08 13:16:27 +01:00
Daniel Stenberg
2097a095c9
docs: use present tense
avoid "will", detect "will" as a bad word in the CI

Also line wrapped a bunch of paragraphs

Closes #13001
2024-02-27 09:47:21 +01:00
Daniel Stenberg
e5000e797f
GHA: add a job scanning for "bad words" in markdown
This means words, phrases or things we have decided not to use - words that
are spelled right according to the dictionary but we want to avoid. In the
name of consistency and better documentation.

Closes #12764
2024-01-24 08:44:34 +01:00
Daniel Stenberg
9588528a0b
VULN-DISCLOSURE-POLIC: remove broken link to hackerone
It should ideally soon not be done from hackerone anyway

Closes #12308
2023-11-11 23:16:52 +01:00
Daniel Stenberg
2b16b86bb6
VULN-DISCLOSURE-POLICY: escape sequences are not a security flaw
Closes #12278
2023-11-06 12:51:00 +01:00
Daniel Stenberg
46d4ae5e11
SECURITY-PROCESS.md. call it vulnerability disclosure policy
SECURITY-PROCESS.md -> VULN-DISCLOSURE-POLICY.md

This a name commonly used for a document like this. This name helps
users find it.

Closes #11852
2023-09-14 17:04:33 +02:00