Skip to the content.

Security Policy

Scope

In the context of PSVL, a “security issue” is a problem with the license text itself that could undermine its protective purpose. Examples include:

PSVL is a license template, not software, so traditional vulnerability classes (CVEs, exploits, etc.) do not apply. This policy adapts the spirit of responsible disclosure to a legal document.

Supported Versions

Version Supported
1.0

When new major versions are released, the previous major version will continue to receive critical fixes for a reasonable period.

How to Report

Please use GitHub’s “Report a vulnerability” flow:

  1. Go to the Security and quality tab of this repository
  2. Click “Report a vulnerability” (or use the direct link)
  3. Describe the issue clearly, including:
    • The specific clause numbers affected
    • The exact wording at issue
    • The scenario or actor that could exploit the issue
    • Any suggested fix

This routes the report directly to the maintainer privately.

What to Expect

What NOT to Do

Scope Limit

This policy covers the PSVL template text itself. If you are using PSVL in your own project and experience a security incident, your own completed license — not this repository — governs.

For Code-of-Conduct concerns (interpersonal conduct in this repository’s community), see CODE_OF_CONDUCT.md, not this policy.