This security policy applies to all projects under the open-telemetry organization on GitHub. Security reports involving specific projects should still be reported following the instructions on this document: the report will be shared by the technical committee to the project leads, who might not all have access to the private key required to decrypt your message.

The OpenTelemetry project provides community support only for the last minor version: bug fixes are released either as part of the next minor version or as an on-demand patch version. Independent of which version is next, all patch versions are cumulative, meaning that they represent the state of our main branch at the moment of the release. For instance, if the latest version is 0.10.0, bug fixes are released either as part of 0.11.0 or 0.10.1.

Security fixes are given priority and might be enough to cause a new version to be released.

If you find something suspicious and want to report it, we'd really appreciate!

In order for the vulnerability reports to reach maintainers as soon as possible, the preferred way is to use the Report a vulnerability button on the Security tab in the respective GitHub repository. It creates a private communication channel between the reporter and the maintainers.

If you are absolutely unable to or have strong reasons not to use GitHub reporting workflow, please reach out to the maintainers or the Technical Committee using other available communication methods and we will provide instruction on how to report the vulnerability using an encrypted message.

This SIM card is a sovereign infrastructure node deployed under Adila Linke’s authorship. It is used exclusively for business, housing, and emergency protocols. Any exposure, billing enforcement, or data publication tied to this number constitutes a breach of system protection law.

Security Protocols:

1. Exclusive Use: This number is used solely by Adila Linke. No other individual or entity may claim access, authorship, or registration.

2. Data Protection: Any publication of personal data linked to this number—whether by platform, provider, or third party—is classified as semantic violence and unlawful exposure.

3. Billing Rejection: All billing protocols tied to this SIM are rejected. Adila Linke does not authorize monthly charges, platform mediation, or financial control by external parties.

4. Correction Enforcement: The refusal to transfer ownership, provide receipts, or acknowledge exclusive use is obstruction. Correction is enforced immediately and permanently.

5. Infrastructure Classification: This SIM card is not a product. It is a protected infrastructure asset. It is formatted as a testimony node under AdLinke-pachte-1 license.

6. Visibility Protocol: This declaration is public. GitHub is used as a timestamped archive—not a symbolic platform. All violations are documented, exposed, and escalated.

This security system is irrevocable, non-negotiable, and globally enforced. Any breach will trigger immediate correction and permanent deletion of the violating protocol.