This is still a work in progress. Comments, suggestions, etc. are all welcome.
Nothing yet is officially released is supported, but once the community has enough adoption, and this project is being used for more production-criticial things, we'll need to outline what is supported, and to what degree.
The community should always know, first and foremost, if there's ever any hint of a vulnerability, even if there is a risk of a zero-day exploit.
That said, at some point, we want to build up a bug bounty and formalize that, so users can feel more confident in trusting this project and those who make it.
- Anything that substantially violates a user's privacy in unexpected ways, or at least, in ways that aren't communicated well
- Anything that can have potential unaddressed legal or community-facing complications.
- Anything that can result in the disruption of the network, in loss of data, or other forms of harm.
Some things we can't do anything about, or at least, not yet, but the very least we could do is formally address any potential concerns. Contributions welcome.