Security: Lethephyr/cackle

SECURITY.md

Security policy

It's unlikely that Cackle will ever be completely impossible to circumvent. That doesn't mean that it isn't useful, though. Think of it like an antivirus that only knows about 90% of viruses.

If you've found a neat way to circumvent Cackle to sneak in some API usages that it shouldn't allow, great, especially if there's a way to plug the hole. If there isn't a practical way to plug the hole, then my thoughts are that we probably shouldn't provide detailed instructions for people who want to perform supply-chain attacks. The goal is to make things as hard for them as possible.

So I'd say, if the problem is fixable, feel free to just file a bug or send a PR. If it's not fixable, or you're not sure, feel free to just email me. You can find my email address by looking through the commit logs for David Lattimore.

There aren’t any published security advisories