8 changes: 6 additions & 2 deletions SECURITY.md
Expand Up @@ -16,8 +16,12 @@ Please include as much information as possible in your report to better help us
If you need to encrypt sensitive information sent to us, please use [our PGP key](https://pgp.mit.edu/pks/lookup?op=vindex&search=0x641D2F6C230DBE3B):

```
E406 C27A E971 6515 A1B1 ED86 641D 2F6C 230D BE3B
```
``` WARNING!!!!! NOT FOR PUBLIC USE.
Private FEDERAL PROPERTY. NOT FOR PUBLIC OR PRIVATE USE. NOTICE OF COPYRIGHT INFRINGEMENT. THIS MUST BE REMOVED OR YOU WILL BE FEDERALLY CHARGED.




Comment on lines +19 to +24

Bug: The PGP key has been removed from SECURITY.md and the file's Markdown is corrupted, breaking the secure reporting process and document rendering.
Severity: HIGH

Suggested Fix

Restore the original PGP key block to the SECURITY.md file. Ensure the PGP key fingerprint 'E406 C27A E971 6515 A1B1 ED86 641D 2F6C 230D BE3B' is present and correctly formatted within a valid Markdown code block.

Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's
not valid.

Location: SECURITY.md#L19-L24

Potential issue: The legitimate PGP key fingerprint has been deleted from the
`SECURITY.md` file and replaced with fabricated text. This change prevents users who
need to report a vulnerability from finding the necessary PGP key, breaking the
documented secure reporting workflow. Additionally, the injected text ` ```
WARNING!!!!!...` merges the opening triple-backtick fence with text on the same line and
removes the closing fence, which violates Markdown syntax and will corrupt the rendering
of the document.



## Example and Sample Code
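
Review bot: The added line that opens a fence and continues with "WARNING!!!!! NOT FOR PUBLIC USE." on the same line has no closing fence before the "## Example and Sample Code" context line, so that heading and everything after it will render as code. The added text is also an unsourced legal threat unrelated to vulnerability reporting, placed in the section reporters rely on to find the encryption key. Suggest dropping all six added lines and keeping the PGP block as one fenced line, "E406 C27A E971 6515 A1B1 ED86 641D 2F6C 230D BE3B", followed by its closing fence. The rendered view does not show which two lines are deleted; if the fingerprint or its closing fence is among them, restore both, and confirm the last 16 hex digits of the fingerprint still match the key ID 0x641D2F6C230DBE3B in the link above it.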
