From 2b97cbb94d9a175adc7faf5721018e10ae05cf6b Mon Sep 17 00:00:00 2001 From: Iustin Pop Date: Sun, 16 Apr 2023 21:21:32 +0200 Subject: [PATCH] Add a simple security policy --- README.md | 3 +++ SECURITY.md | 16 ++++++++++++++++ doc/index.rst | 1 + doc/security.md | 1 + 4 files changed, 21 insertions(+) create mode 100644 SECURITY.md create mode 120000 doc/security.md diff --git a/README.md b/README.md index 2271dd1..fbfe770 100644 --- a/README.md +++ b/README.md @@ -55,6 +55,9 @@ or: - `pkg install py37-setuptools` +## Security + +For reporting security vulnerabilities, please see SECURITY.md. ## License diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..dbd4a7c --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,16 @@ +# Security Policy + +To report a (potential or confirmed) security issue, please email + with a description of the issue, steps to reproduce +it, affected versions, and if known, mitigations for the issue. + +Since this is a small project, there's no list of supported +versions. I will attempt to reply to reports within a working week, +and to fix and disclose vulnerabilities within 90 days, but this is +not a guarantee. + +Optionally, you can encrypt the email with my GPG key, see for details +. + +Alternatively, you can use the GitHub "Private vulnerability +reporting" functionality (but note this is beta). diff --git a/doc/index.rst b/doc/index.rst index b47a5b6..f730027 100644 --- a/doc/index.rst +++ b/doc/index.rst @@ -12,6 +12,7 @@ Contents :maxdepth: 2 readme.md + security.md module.rst implementation.rst news.rst diff --git a/doc/security.md b/doc/security.md new file mode 120000 index 0000000..9d57138 --- /dev/null +++ b/doc/security.md @@ -0,0 +1 @@ +../SECURITY.md \ No newline at end of file -- 2.39.2
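Review bot: In the README.md hunk, the new "## Security" section names SECURITY.md as bare text, so a reader of the rendered README has to go and find the file. Suggest a relative Markdown link, for example `please see [SECURITY.md](SECURITY.md)`. Since doc/index.rst lists readme.md in the same toctree, check that the link target also resolves in the built documentation.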
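Review bot: In the SECURITY.md hunk, the paragraph beginning "Optionally, you can encrypt the email with my GPG key" defers to another location for details and, in the lines shown, states no key fingerprint. Putting the full fingerprint in SECURITY.md itself lets a reporter check the key they fetched against the copy in the repository before encrypting a vulnerability report to it. Separately, "(but note this is beta)" in the last paragraph will go stale once the GitHub feature leaves beta; consider dropping the parenthetical.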
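Review bot: In the doc/security.md hunk, the file is added with mode 120000, a symlink to `../SECURITY.md`. On checkouts where git does not create symlinks (for example Windows with core.symlinks disabled), doc/security.md becomes a regular file containing only the text `../SECURITY.md`, and the toctree entry added in doc/index.rst would render that one line instead of the policy. If such checkouts need to build the docs, a small stub file that includes ../SECURITY.md avoids the dependency on symlink support; otherwise a short note in the commit message that the symlink is intentional would help.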