From 2b97cbb94d9a175adc7faf5721018e10ae05cf6b Mon Sep 17 00:00:00 2001 From: Iustin Pop Date: Sun, 16 Apr 2023 21:21:32 +0200 Subject: [PATCH] Add a simple security policy --- README.md | 3 +++ SECURITY.md | 16 ++++++++++++++++ doc/index.rst | 1 + doc/security.md | 1 + 4 files changed, 21 insertions(+) create mode 100644 SECURITY.md create mode 120000 doc/security.md diff --git a/README.md b/README.md index 2271dd1..fbfe770 100644 --- a/README.md +++ b/README.md @@ -55,6 +55,9 @@ or: - `pkg install py37-setuptools` +## Security + +For reporting security vulnerabilities, please see SECURITY.md. ## License diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..dbd4a7c --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,16 @@ +# Security Policy + +To report a (potential or confirmed) security issue, please email + with a description of the issue, steps to reproduce +it, affected versions, and if known, mitigations for the issue. + +Since this is a small project, there's no list of supported +versions. I will attempt to reply to reports within a working week, +and to fix and disclose vulnerabilities within 90 days, but this is +not a guarantee. + +Optionally, you can encrypt the email with my GPG key, see for details +. + +Alternatively, you can use the GitHub "Private vulnerability +reporting" functionality (but note this is beta). diff --git a/doc/index.rst b/doc/index.rst index b47a5b6..f730027 100644 --- a/doc/index.rst +++ b/doc/index.rst @@ -12,6 +12,7 @@ Contents :maxdepth: 2 readme.md + security.md module.rst implementation.rst news.rst diff --git a/doc/security.md b/doc/security.md new file mode 120000 index 0000000..9d57138 --- /dev/null +++ b/doc/security.md @@ -0,0 +1 @@ +../SECURITY.md \ No newline at end of file -- 2.39.5