Security: makepkg/shamirs-luks-system

.github/SECURITY.md

Security Policy

Reporting a Vulnerability

We take security seriously. If you discover a security vulnerability, please report it responsibly.

How to Report

For critical vulnerabilities:

  • DO NOT open a public GitHub issue.
  • Contact the maintainer privately using the contact details on their GitHub profile.
  • Provide detailed information about the vulnerability.
  • Allow reasonable time for a fix before public disclosure.

For non-critical security discussions:

  • Open a GitHub Discussion in the Q&A category.
  • Use GitHub Issues for general questions.

What to Include

When reporting a vulnerability, please include:

  • Description of the vulnerability.
  • Steps to reproduce.
  • Potential impact.
  • Suggested fix (if any).

Scope

This security policy applies to:

  • CreateKeys/forge-keys.sh script logic.
  • OpenManually/vault-open.sh script logic.
  • Early-boot hooks and configuration templates.

Out of Scope

  • Physical access attacks where the attacker can extract decrypted master key files while mounted.
  • Local root privilege escalation attacks that occur outside the scope of our scripts.
  • Issues in third-party libraries (e.g. ssss, cryptsetup).

Thank you for helping keep this project secure!

There aren't any published security advisories