32 lines
1.1 KiB
Markdown
32 lines
1.1 KiB
Markdown
# Security Policy
|
|
|
|
## Security Model
|
|
|
|
Oasis is experimental software, please don't trust it with your life.
|
|
|
|
If everything is working correctly, it's likely that:
|
|
|
|
- Only your computer can access Oasis.
|
|
- Only you can publish a message to your feed.
|
|
- Only the recipients of private messages can read the message.
|
|
- Only basic HTML is supported in blobs, which can't access the rest of Oasis.
|
|
|
|
It's important to know that this is not a silver bullet:
|
|
|
|
- Your public messages can be read by anyone on the Secure Scuttlebutt network.
|
|
- Your IP address can be seen by anyone that peers with you.
|
|
- Your private messages can be read by anyone with access to your private key.
|
|
|
|
You should also know:
|
|
|
|
- Information that others can read can be saved, without your permission.
|
|
- Encryption techniques that are unbreakable today may become compromised in the future; maybe in dozens or hundreds of years.
|
|
|
|
## Supported Versions
|
|
|
|
Only the latest release is supported.
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
Send an email to christianbundy@fraction.io to report any security problems. Please do not use the public issue tracker.
|