Maintenance question

[jcrben]

This looks quite convenient and modern, but I haven't adopted it yet - currently using a mix of in different projects including blackbox, git-secret, and even gopass and would like to consolidate on a simple modern solution.

I'd like to using something with a group of fellow users who are interested in helping each other out. Wondering how you're thinking about maintenance @slok - do you want help testing any of these dependabot issues? I noticed that @katexochen has a fork where they merged in some vulnerability fixes https://github.com/katexochen/agebox/tree/fix-vulns

[katexochen]

My fork is/was only to upstream the security fixes in #199.

Notice that that we decided to remove the package from nixpkgs as it is security critical software and unmaintained: NixOS/nixpkgs#326671

[slok]

I do my best 🤷, the project will not get new features, I think it has good enough constrained features and simple API for general/regular usage. From time to time I will try update the dependencies, but I can't promise that it will be up to date always.

I will cut a new release with tooling and updates: #201

Thanks for the interest!

[jcrben]

The frozen feature set is actually what I'm looking for!

[jcrben]

Another thing @slok - what do you think about adding a SECURITY.md so that it's easy to see what the security policy is?