WII5Firmware/SECURITY.md
scottp 95bc2ae9fe docs: fix dangling references, document Gitea/GitHub mirror split
CONTRIBUTING.md: remove the deleted wii5_modes sketch from the testing
guidance; mention the surviving test/ subsystem sketches instead.

README.md: drop the now-incorrect "hardware schematics" entry from the
repository-layout block (doc/hardware/ was removed earlier). Add a
Repository section naming the Gitea canonical and the GitHub mirror
(https://github.com/SH3D/WII5Firmware) used for community issues and PRs.

SECURITY.md, CODE_OF_CONDUCT.md: point at the GitHub mirror for security
advisories; drop the vague "private GitHub message" path from the CoC.

CHANGELOG: replace the "TODO" placeholder with a real v5.5.1 initial
public release entry.

Doxyfile: rewrite the PROJECT_NUMBER injection example to use
`git describe` instead of the deleted VERSION file.

VERSION: removed. It was bumped by tools/tag_version.sh +
tools/build_version.sh (both deleted in c89c636); build_local.sh injects
WII5_SOFTWARE_VERSION from `git log -1 --pretty=%h` at compile time, so
nothing load-bearing depends on the file.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-14 11:06:27 +10:00

Security Policy

Reporting a vulnerability

If you discover a security issue in the WII5 Buoy firmware — for example, a flaw in the Iridium SBD command-handling path, an authentication bypass in the console protocol, or anything else that could let an attacker take control of a deployed buoy — please do not open a public GitHub issue.

Instead, report it privately:

Please include:

  • A description of the issue and its potential impact
  • Steps to reproduce, or a proof-of-concept
  • The affected firmware version (WII5_SOFTWARE_VERSION) and hardware variant if known

We will acknowledge receipt within a reasonable time, work with you on a fix, and coordinate disclosure.

What this project asks of contributors

When opening issues or pull requests, please do not include:

  • Internal hostnames, IP addresses, or network paths from operational deployments
  • Iridium IMEIs, modem serial numbers, or device identifiers from real deployments
  • GPS coordinates of operational deployment sites
  • Other contributors' personal information (emails, real names, paths) — unless they have given explicit permission

If you need example values to demonstrate a problem, use obviously fake placeholders (e.g. 192.0.2.1 from RFC 5737, IMEI 300000000000000, generic lat/lng like 0,0).

Supported versions

Only the latest tagged release on main is actively supported. Older deployed firmware may continue to function in the field but does not receive backported fixes.