dsc-rs 0.10.21

Discourse CLI tool for managing multiple Discourse forums: track installs, run upgrades over SSH, manage emojis, sync topics and categories as Markdown, and more.
Documentation
# Security policy

## Reporting a vulnerability

Please **don't** open a public GitHub issue for security problems.

Use one of:

- **GitHub Security Advisories** — preferred. Open a draft advisory at <https://github.com/pacharanero/dsc/security/advisories/new>. This stays private until coordinated disclosure.
- **Email**`marcus@bawmedical.co.uk` for issues that don't fit the GitHub flow.

Please include:

- The dsc version (`dsc version`).
- A clear description of the issue and its impact.
- Reproduction steps if possible.
- Whether you've found a fix or workaround.

You should expect an initial reply within a few business days. Public disclosure happens only after a fix is available, with credit to the reporter unless they prefer otherwise.

## Scope

dsc runs in two modes that have very different security profiles:

### 1. Discourse API client (most commands)

`dsc list`, `dsc topic *`, `dsc user *`, `dsc post *`, etc. all act as a Discourse API client using the `apikey` / `api_username` from `dsc.toml`. The risks here are mostly around credential handling and accidental destructive operations. Notable:

- `dsc.toml` typically contains admin API keys. Treat it like `~/.ssh/config`.
- Destructive operations (`backup restore`, `setting set`, `topic push`, `topic new`, `post delete`, plugin/theme install/remove, `category copy`, `group copy`, etc.) all honour `--dry-run`.
- 429 retries with sane defaults. Bug-class concern would be loops or credential leakage in error output.

### 2. Server-level operations (`dsc update`, `dsc harden`, `dsc install`)

Run shell commands as root (`update`) or as root-then-non-root (`harden`, `install`) over SSH. Bug-class concerns are higher: shell injection, dropping bad sudoers entries, breaking sshd, etc. We treat issues in these commands as security-class bugs by default — please report rather than self-fix and PR.

`dsc harden` in particular publishes a hardening blueprint; see [docs/harden.md](docs/harden.md#why-publish-a-hardening-routine) for the rationale and mitigations.

## What's out of scope

- Bugs in Discourse itself, the Discourse REST API, or `discourse_docker`. Report those upstream at <https://meta.discourse.org>.
- Bugs in cargo-dist, the Homebrew tap publishing, or other third-party packaging tools. Report upstream.
- Issues with users putting their own API keys in source control or world-readable files — that's an operator concern, not a dsc bug.

## Receiving security updates

The project follows a "fix, then announce" model. Where a vulnerability requires action by users:

1. The patched version is released to crates.io, GitHub Releases, and the Homebrew tap.
2. A short advisory is published on GitHub Security Advisories with a CVSS score.
3. Major issues additionally get a brief note on the [Discourse Meta announcement thread]https://github.com/pacharanero/dsc#community.

For advance notice of advisories before they go public, watch the repo for "Security advisories" notifications (Settings → Notifications → Custom → Security advisories).