Ocideck/SECURITY.md
Brenno de Winter 2d8be6f0dd
Add project docs, EUPL licence, and open-source licence check
Documentation & licensing:
- Add the EUPL-1.2 licence (LICENSE.md) and set the project licence; refresh
  the README (name origin wink, updated feature list, documentation index).
- Add CONTRIBUTING, SECURITY, CODE_OF_CONDUCT, CHANGELOG, AUTHORS, and
  THIRD_PARTY_NOTICES, plus docs/ (ARCHITECTURE, BUILD, USER_GUIDE, SHORTCUTS,
  LICENSE_COMPLIANCE) and .github/ (CI workflow, issue/PR templates).
- Bring docs/FILE_FORMAT.md in line with current behaviour (code & chart
  slides, per-slide TLP comment, annotation .ink.json sidecar, chart data/ CSVs).

Open-source compliance:
- Add tool/check_licenses.dart and a `make licenses` target (wired into
  check-full and CI) that verifies every resolved dependency uses a recognised
  open-source licence. A scan of all 151 packages and bundled assets found only
  OSI-approved licences.

Charts (Phase 1.1):
- Replace the chart CSV textarea with an in-app editable data grid (editable
  series/labels/values, add/remove row & column, read-only when linked).
- Centralize the linked-CSV directory name (`data/`) in a shared constant.

Also normalize formatting repo-wide with `dart format` and fix one
curly-braces lint, so `make check` and CI are green.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-07 12:19:56 +02:00

Security Policy

Reporting a vulnerability

Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.

Instead, report them privately via GitHub's "Report a vulnerability" button under the repository's Security tab (Security Advisories). If that is not available to you, contact the maintainer directly and wait for a reply before disclosing anything publicly.

When reporting, please include as much of the following as you can:

  • A description of the issue and its impact.
  • Steps to reproduce (a minimal deck or input file if relevant).
  • The OciDeck version, operating system, and Flutter version.
  • Any proof-of-concept, logs, or screenshots.

What to expect

  • Acknowledgement of your report as quickly as we reasonably can.
  • An assessment and, where confirmed, a fix developed under coordinated (responsible) disclosure.
  • Credit for the discovery if you wish — let us know how you would like to be named.

We ask that you give us a reasonable opportunity to address the issue before any public disclosure, and that you avoid privacy violations, data destruction, or service disruption while researching.

Scope notes

OciDeck is an offline desktop application. Areas of particular interest:

  • Parsing of untrusted decks (.md), packages (.ocideck), sidecars (.ink.json, captions), and linked CSV data.
  • Importing presentations from a URL.
  • The HTML export, which inlines third-party JavaScript (marked, highlight.js, mermaid, MathJax) to render offline.

Supported versions

Security fixes target the latest released version and the default development branch. Older versions may not receive fixes.