The repo has no SECURITY.md, so GitHub shows no security policy and there's no documented way to report vulnerabilities privately.
Add a root-level security policy that:
- Covers all app flavors: Android (
ft8af/), desktop for Windows/macOS/Linux (desktop/, Tauri + Hamlib), and iOS (ios/).
- Directs reporters to GitHub private vulnerability reporting, with
k1af@ft8af.app as a fallback contact — not public issues or Discord.
- Documents scope (native
ft8_lib/JNI DSP path, CAT/audio & libusb, desktop Hamlib rig control, Tauri/Rust IPC, logging-service credentials) and upstream coordination for the vendored ft8_lib and bundled Hamlib.
Note: private vulnerability reporting must be enabled in repo Settings → Security for the reporting flow to work.
The repo has no
SECURITY.md, so GitHub shows no security policy and there's no documented way to report vulnerabilities privately.Add a root-level security policy that:
ft8af/), desktop for Windows/macOS/Linux (desktop/, Tauri + Hamlib), and iOS (ios/).k1af@ft8af.appas a fallback contact — not public issues or Discord.ft8_lib/JNI DSP path, CAT/audio & libusb, desktop Hamlib rig control, Tauri/Rust IPC, logging-service credentials) and upstream coordination for the vendoredft8_liband bundled Hamlib.Note: private vulnerability reporting must be enabled in repo Settings → Security for the reporting flow to work.