docs: Create SECURITY.md #2

@KemingHe

Description

Problem

The repository needs a security policy to establish reporting procedures and the scope of its security considerations.

Proposed Solution

Adapt SECURITY.md from the KemingHe/common-devx repository, with the scope adjusted for git-crypt-retro:

  • Clarify scope: Tool for history rewriting, not a security product itself
  • Security considerations: Backup requirements, history rewrite risks, key management (deferred to git-crypt)
  • Reporting: GitHub private vulnerability reporting for tool-specific issues
  • Best practices: Reference git-crypt security documentation for encryption concerns
  • Coordinated disclosure policy

Key differences from common-devx:

  • Emphasize that tool operates on sensitive data (Git history)
  • Document shared responsibility: git-crypt handles encryption security, our tool handles safe history rewriting
  • Warn about irreversibility of operations

Alternatives Considered

A minimal security policy, but comprehensive documentation builds user trust for destructive operations.

Metadata

Labels: documentation (Improvements or additions to documentation)

Projects: No projects

Milestone: No milestone

Relationships: None yet

Development: No branches or pull requests