mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-07-07 10:45:21 +00:00
Explicit SECURITY.md that reflects Kata’s rolling-release model (monthly cadence, no long-term branches) and sets clear expectations for reporters and downstream users. With the SECURITY.md in place we need also the SECURITY_CONTACTS - Add alternative reporting method (email) for non-GitHub users - Add section for downstream distributions and vendors with early notification details - Clarify that timelines are independent objectives, not sequential steps - Reorder disclosure process to emphasize patch releases are exceptions - Update git tag command in version table (remove unnecessary pipe) - Expand FAQ with downstream distribution and non-GitHub reporter questions - Update timestamp to reflect current changes (2026-04-01) - Update SECURITY_CONTACTS with email contact and downstream notification info - Clarify CVE assignment process through GitHub Signed-off-by: Anastassios Nanos <ananos@nubificus.co.uk> Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com> Signed-off-by: stevenhorsman <steven@uk.ibm.com>
490 B
490 B