This software is provided as-is, with no guarantee of fitness for any particular purpose, freedom from defects, or ongoing maintenance. That said, every reasonable effort has been made to ensure the code is free from major security issues.
| Version | Supported |
|---|---|
| Latest release | Best-effort |
| Older releases | No |
This software carries no warranty, expressed or implied. You are responsible for evaluating whether it is appropriate for your use case. If you deploy it in a production environment and something goes sideways, that is on you -- but feel free to open an issue anyway.
If you discover a security vulnerability, please report it responsibly rather than opening a public issue.
To report a vulnerability:
- Email: [dnsgeek@duck.com]
- Or open a GitHub private security advisory
What to expect:
- Acknowledgment within a reasonable timeframe (no SLA is guaranteed)
- Best-effort investigation and response
- A fix if the issue is confirmed and within scope, with no committed timeline
This policy covers the source code in this repository only. Third-party dependencies are out of scope -- check their respective security policies.
To be explicit:
- No guarantee that this software is free from vulnerabilities
- No guarantee of timely response to reports
- No guarantee that reported issues will be fixed
- No guarantee of continued maintenance
None of the above is an excuse to be sloppy. Every attempt has been made to write secure, correct code. It just means you should do your own due diligence before relying on this software for anything important.