Skip to content

Security: mason4819/AltPower

Security

SECURITY.md

Security Policy

Supported Versions

The following versions of AltPower are currently supported with security updates:

Version Supported
< 1.5.1 ℹ️ Developer version
1.5.1 ✅ Yes

Security fixes will be provided for actively maintained versions.


Reporting a Vulnerability

If you discover a security vulnerability in AltPower, please do not create a public GitHub Issue.

Instead, report it privately through:

  • GitHub Security Advisories
  • Private vulnerability report

Please include:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Affected version
  • Operating system and desktop environment
  • Possible security impact
  • Any suggested fix (if available)

Response Process

After receiving a security report:

  1. The report will be reviewed by the maintainer.
  2. The vulnerability will be investigated and reproduced.
  3. A fix will be developed and tested.
  4. A security update will be released when possible.
  5. The reporter may be credited after the issue is resolved.

Security Design

AltPower is designed with security in mind.

User Privileges

AltPower:

  • Does not run as root.
  • Does not require a permanent administrator process.
  • Does not store user passwords.
  • Uses polkit for privileged operations.

System Integration

Power actions are planned to use:

  • D-Bus
  • systemd-logind API
  • polkit authorization

AltPower will not directly execute privileged shell commands for shutdown, reboot, or other system actions.

Privacy

AltPower:

  • Does not collect personal information.
  • Does not send telemetry.
  • Does not track users.
  • Does not require an online account.

Dependencies

The project avoids unnecessary dependencies.

AltPower uses native Linux technologies:

  • C
  • GTK4
  • GLib
  • GIO
  • D-Bus

Security Scope

Security issues include:

  • Unauthorized privilege escalation
  • Incorrect permission handling
  • Unsafe system command execution
  • Malicious code execution
  • Data exposure
  • Vulnerabilities in power management functions

Out of Scope

The following are generally not considered security vulnerabilities:

  • Feature requests
  • UI bugs
  • Translation errors
  • Unsupported desktop environments
  • Normal Linux permission restrictions

Credits

Security researchers who responsibly report valid vulnerabilities may be credited in release notes.

Thank you for helping keep AltPower safe.

There aren't any published security advisories