Please do not disclose an unpatched vulnerability in a public issue, discussion, or pull request.
Use GitHub's Report a vulnerability option in the Security tab of the affected repository when it is available. Include:
- the affected repository, revision, and component;
- the impact and conditions required to reproduce it;
- a minimal proof of concept or clear reproduction steps;
- any suggested mitigation;
- whether the issue has been disclosed elsewhere.
If private vulnerability reporting is not available for the affected repository, contact a RoboNet maintainer through their public GitHub profile and ask for a private reporting channel without including vulnerability details in the initial message.
We will acknowledge actionable reports, assess impact, and coordinate a fix and disclosure timeline. Please allow maintainers reasonable time to investigate before any public disclosure.
This policy covers code and hardware designs maintained in the robonet-ai organization. Third-party services, dependencies, robot firmware, headsets, and repositories linked but not maintained by RoboNet are outside our direct control; report those issues to their respective maintainers as well.
For ordinary bugs and support requests, use the relevant public issue tracker.