From de10eee5ed400b3ccb2d9a0434b1fcd9a9b25745 Mon Sep 17 00:00:00 2001
From: Iustin Pop <iustin@k1024.org>
Date: Sun, 16 Apr 2023 17:34:55 +0200
Subject: [PATCH] Add a simple security policy

---
 README.md       |  4 ++++
 SECURITY.md     | 13 +++++++++++++
 doc/index.rst   |  1 +
 doc/security.md |  1 +
 4 files changed, 19 insertions(+)
 create mode 100644 SECURITY.md
 create mode 120000 doc/security.md

diff --git a/README.md b/README.md
index 7d7012c..80f9eca 100644
--- a/README.md
+++ b/README.md
@@ -49,6 +49,10 @@ e.g. in Debian:
 
     sudo apt install python3-pyxattr
 
+## Security
+
+For reporting security vulnerabilities, please see SECURITY.md.
+
 ## Basic example
 
     >>> import xattr
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..9045686
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,13 @@
+# Security Policy
+
+To report a (potential or confirmed) security issue, please email
+<iustin@k1024.org> with a description of the issue, steps to reproduce
+it, affected versions, and if known, mitigations for the issue.
+
+Since this is a small project, there's no list of supported
+versions. I will attempt to reply to reports within a working week,
+and to fix and disclose vulnerabilities within 90 days, but this is
+not a guarantee.
+
+Optionally, you can encrypt the email with my GPG key, see for details
+<https://k1024.org/contact/>.
diff --git a/doc/index.rst b/doc/index.rst
index a918c2e..c877731 100644
--- a/doc/index.rst
+++ b/doc/index.rst
@@ -12,6 +12,7 @@ Contents
    :maxdepth: 2
 
    readme.md
+   security.md
    module.rst
    news.rst
 
diff --git a/doc/security.md b/doc/security.md
new file mode 120000
index 0000000..9d57138
--- /dev/null
+++ b/doc/security.md
@@ -0,0 +1 @@
+../SECURITY.md
\ No newline at end of file
-- 
2.39.2