Security

Because we are a quickly evolving, open project, you might think that security does not feature high on our priority list. This is not the case. We are aware of the data, security and privacy concerns within our community, and are making an active effort to do our part.

To keep the platform easy to work on for developers, we essentially have two entirely separate projects in place:

  • Dev platform - this is completely open so anybody can access and use the server and database for development purposes. This site is not for use by the general public, however, and as such we aim not to capture any sensitive information. Any code contributed to the site must be approved by an admin, and all source code is fully open with full history visible for scrutiny.

  • Live site - this is the locked-down version. All server configuration is encrypted, and access is provided only to a select group of admins (currently 2 people). The code that runs on this site is the same as the dev site, and has an additional approval step before going live.

As the platform grows we would also hope to take additional external review steps, so if you are interested in supporting this please feel free to get in touch.

Looking to disclose a security issue? Read more on our GitHub security policy