ff4ff35918
Red Bear OS is a full fork. All sources must be available from git clone with zero network access. Removed gitignore rules that excluded fetched source trees under recipes/*/source/, local/recipes/kde/*/source/, local/recipes/qt/*/source/, and vendor source trees. Build artifacts (target/, build/, source.tar, *.o, *.so) remain excluded. 127291 files added — kernel, relibc, base, bootloader, pkgar, all KDE/Qt frameworks, mesa, wayland, DRM drivers, and every other recipe source.
21 lines
554 B
Markdown
21 lines
554 B
Markdown
# Security Policy
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
If you have any security concern, contact <matz@ruby.or.jp>.
|
|
|
|
## Scope
|
|
|
|
We consider the following issues as vulnerabilities:
|
|
|
|
- Remote code execution
|
|
- Crash caused by a valid Ruby script
|
|
|
|
We _don't_ consider the following issues as vulnerabilities:
|
|
|
|
- Runtime C undefined behavior (including integer overflow)
|
|
- Crash caused by misused API
|
|
- Crash caused by modified compiled binary
|
|
- ASAN/Valgrind warning for too big memory allocation
|
|
mruby assumes `malloc(3)` returns `NULL` for too big allocations
|