Fyra Labs is committed to ensuring user security and privacy. As such, we constantly try our best to ensure that our infrastructure and process are secure, which you may read about in our FAQ.
As a part of Fyra Labs's transparency measures, we will publicize details of any known breaches. This information will include, but will not be limited to:
- Affected users, infrastructure, and data.
- The severity of the attack.
- An in-depth explanation of how the breach occurred, including relevant security vulnerabilities.
- How Fyra Labs will better protect user data in the future, ensuring our commitment to security and privacy.
We will publish these updates on our Twitter, Fedi, and Discord.
Terra is a rolling-release package repository. As such, we push updates as soon as the upstream project releases them. If you find a vulnerability in an upstream project, please report it to that project directly. We will decline reports that are solely due to an upstream bug.
However, if the upstream project is unmaintained or does not resolve the vulnerability after being disclosed, you may file a security advisory. Depending on the package, we might remove it from the Terra repositories or patch it to resolve the vulnerability.
In the case of a vulnerability in our infrastructure or packaging, you may report it using GitHub's security advisory system. We will try to respond to reports as soon as possible, at most in 24 hours. Please refrain from publicizing the vulnerability until we have published the security advisory in order to avoid putting end-users at risk.
If you have any questions out our security policy, please reach out to us on Discord or through email. Please report security vulnerabilities using the aforementioned method. We will try to respond promptly to both, however you will likely get a quicker response via Discord.