Security issues may be reported to:

mchehab at kernel.org

Reports should include sufficient technical detail to allow reproduction and assessment of the issue.

Please avoid public disclosure of suspected vulnerabilities until the issue has been reviewed where possible.

This project provides upstream source code and software artifacts for general-purpose use.

The maintainers distribute the software as development artifacts and documentation only. The maintainers do not operate production deployments, hosted services, or downstream distributions of this software.

Security review, patch development, and vulnerability remediation are performed on a best-effort basis and may depend on community contributions.

The maintainers do not guarantee response times, security updates, or continued maintenance of any particular version.

Entities that package, distribute, integrate, or deploy this software are responsible for ensuring the security and compliance of their deployments.

This includes, but is not limited to:

• monitoring for security advisories
• applying or backporting security patches
• validating fixes in their environments
• distributing updates to their users
• complying with applicable regulatory or operational requirements

Distributors and operators should maintain their own security response processes appropriate to their deployment environments.

Security fixes may be applied to actively maintained versions of the project at the discretion of the maintainers.

Versions outside active development may not receive updates.

Because this project is distributed as standalone software and source code, the maintainers do not control how the software is compiled, packaged, deployed, or operated by third parties.

Responsibility for the security and maintenance of deployed systems remains with the parties operating or distributing the software.