update security policy

pull/163/head
robinmoisson 2023-04-02 15:06:38 +02:00
parent 689e318a40
commit 117349c38c
No known key found for this signature in database
GPG key ID: 9419716500078583
3 changed files with 14 additions and 14 deletions

View file

@ -53,13 +53,14 @@ staticrypt test.html -p MY_LONG_PASSWORD --share https://example.com/test_encryp
find . -type f -name "*.html" -exec staticrypt {} -p MY_LONG_PASSWORD \;
```
**Pin the salt to use staticrypt in your CI in a build step** - if you want want the "Remember-me" or share features to work accross multiple pages or multiple successive deployement, the salt needs to be the same ([see why](https://github.com/robinmoisson/staticrypt#why-does-staticrypt-create-a-config-file)). If you run StatiCrypt in a CI step, you can pin the salt in two ways:
**Pin the salt to use staticrypt in your CI in a build step** - if you want want the "Remember-me" or share features to work accross multiple pages or multiple successive deployment, the salt needs to stay the same ([see why](https://github.com/robinmoisson/staticrypt#why-does-staticrypt-create-a-config-file)). If you run StatiCrypt in a CI step, you can pin the salt in two ways:
```bash
# Commit the .staticrypt.json config file. You can generate a random salt and a config file on your local machine:
# Either commit the .staticrypt.json config file - you can generate a random salt and
# a config file on your local machine:
staticrypt --salt
# Hardcode the salt in the CI script command:
# Or hardcode the salt in the CI script command:
staticrypt test.html -p MY_LONG_PASSWORD --salt 12345678901234567890123456789012
```
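Review bot: the rewritten line still carries two typos that were within reach while it was being touched: "if you want want" should be "if you want", and "accross" should be "across". The new comment wording in the bash block ("Either commit ... / Or hardcode ...") reads well and makes the two options clearer than before.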
@ -89,7 +90,7 @@ The password argument is optional if `STATICRYPT_PASSWORD` is set in the environ
Pass a 32-character-long hexadecimal string to
use as salt, or leave empty to generate, display
and save to config a random salt. This won't
overwrite an exisiting config file. [string]
overwrite an existing config file. [string]
--share Get a link containing your hashed password that
will auto-decrypt the page. Pass your URL as a
value to append "#staticrypt_pwd=<hashed_pwd>",
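Review bot: this README block is a verbatim copy of the `describe` string in `parseCommandLineArguments`, and the same typo had to be fixed in both places in this commit; consider regenerating this section of the README from the `--help` output (or noting in a comment where the canonical text lives) so the two copies do not drift apart again.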

View file

@ -4,12 +4,13 @@
These versions will receive security updates:
| Version | Security updates |
| ------- | ------------------ |
| 2.x | :white_check_mark: |
| 1.x | :white_check_mark: |
| Version | Security updates |
|---------|------------------|
| 3.x | ✅ Yes |
| 2.x | ✅ Yes |
| 1.x | ❌ No |
I'll give priority the latest versions since I have a limited bandwidth, but I want to eventually roll out a fix for all versions. (This might change in the future. If it does, the last update to the unsupported versions will be to display a warning when running the command.)
When a version stops being supported, the last update will be to display a warning when running the command.
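Review bot: the new table marks 1.x as receiving no security updates, but the sentence below it still says "I want to eventually roll out a fix for all versions"; either change that to "all supported versions" or explain that 1.x is excluded, otherwise a reader of the table and the prose gets two different answers. Since the same hunk states that a version's last update is a warning printed when running the command, it would also help to say whether that final 1.x release has already been published. Minor grammar: "give priority the latest versions" should be "give priority to the latest versions".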
## Reporting a Vulnerability
@ -17,13 +18,11 @@ If you'd like to warn me privately of a vulnerabilty, you can write me at robin.
If it's a more of a suggestion, or something that can be discussed openly without negative impact, you can also open an issue. Discussions on the security model and choices of StatiCrypt are very welcome!
In case of a severe vulnerability I'll try to get back to you quickly to acknowledge I got the message, and to get a fix out relatively quickly as well.
There are periods in my life where I'm offline for weeks at a time, so unfortunately I can't guarantee a specific response speed at all times. Just know this might be what's happening if I'm completely unresponsive... It shouldn't last more than a month though.
In case of a severe vulnerability I'll try to get back to you quickly to acknowledge I got the message, and to get a fix out relatively quickly as well. (I am sometimes offline for a few weeks at a time but that's pretty rare.)
And finally if you're reporting anything security related: thank you very much for making StatiCrypt safer, your benevolence is very much appreciated! 🙏
## Public key
My public key:
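Review bot: merging the two paragraphs drops the one concrete commitment the old text made to reporters ("It shouldn't last more than a month"); a disclosure policy is more useful when it gives an upper bound after which a reporter may reasonably escalate or disclose, so consider keeping a maximum expected acknowledgement time in the new sentence. The unchanged context line above still reads "vulnerabilty" (should be "vulnerability") and could be fixed in the same pass.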

View file

@ -323,7 +323,7 @@ function parseCommandLineArguments() {
describe:
'Generate a config file or set the salt manually. Pass a 32-character-long hexadecimal string ' +
'to use as salt, or leave empty to generate, display and save to config a random salt. This won\'t' +
' overwrite an exisiting config file.',
' overwrite an existing config file.',
type: "string",
})
// do not give a default option to this parameter - we want to see when the flag is included with no
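Review bot: the typo fix is correct, but the string concatenation puts the separating space at the start of the following literal (`'This won\'t' + ' overwrite ...'`) while the first two fragments put it at the end of the preceding one; using one convention throughout makes it harder to lose a space the next time this text is edited.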