The following versions of AltPower are currently supported with security updates:
| Version | Supported |
|---|---|
| < 1.5.1 | ℹ️ Developer version |
| 1.5.1 | ✅ Yes |
Security fixes will be provided for actively maintained versions.
If you discover a security vulnerability in AltPower, please do not create a public GitHub Issue.
Instead, report it privately through:
- GitHub Security Advisories
- Private vulnerability report
Please include:
- Description of the vulnerability
- Steps to reproduce the issue
- Affected version
- Operating system and desktop environment
- Possible security impact
- Any suggested fix (if available)
After receiving a security report:
- The report will be reviewed by the maintainer.
- The vulnerability will be investigated and reproduced.
- A fix will be developed and tested.
- A security update will be released when possible.
- The reporter may be credited after the issue is resolved.
AltPower is designed with security in mind.
User Privileges
AltPower:
- Does not run as root.
- Does not require a permanent administrator process.
- Does not store user passwords.
- Uses polkit for privileged operations.
Power actions are planned to use:
- D-Bus
- systemd-logind API
- polkit authorization
AltPower will not directly execute privileged shell commands for shutdown, reboot, or other system actions.
AltPower:
- Does not collect personal information.
- Does not send telemetry.
- Does not track users.
- Does not require an online account.
The project avoids unnecessary dependencies.
AltPower uses native Linux technologies:
- C
- GTK4
- GLib
- GIO
- D-Bus
Security issues include:
- Unauthorized privilege escalation
- Incorrect permission handling
- Unsafe system command execution
- Malicious code execution
- Data exposure
- Vulnerabilities in power management functions
The following are generally not considered security vulnerabilities:
- Feature requests
- UI bugs
- Translation errors
- Unsupported desktop environments
- Normal Linux permission restrictions
Security researchers who responsibly report valid vulnerabilities may be credited in release notes.
Thank you for helping keep AltPower safe.