From de10eee5ed400b3ccb2d9a0434b1fcd9a9b25745 Mon Sep 17 00:00:00 2001 From: Iustin Pop Date: Sun, 16 Apr 2023 17:34:55 +0200 Subject: [PATCH] Add a simple security policy --- README.md | 4 ++++ SECURITY.md | 13 +++++++++++++ doc/index.rst | 1 + doc/security.md | 1 + 4 files changed, 19 insertions(+) create mode 100644 SECURITY.md create mode 120000 doc/security.md diff --git a/README.md b/README.md index 7d7012c..80f9eca 100644 --- a/README.md +++ b/README.md @@ -49,6 +49,10 @@ e.g. in Debian: sudo apt install python3-pyxattr +## Security + +For reporting security vulnerabilities, please see SECURITY.md. + ## Basic example >>> import xattr diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..9045686 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,13 @@ +# Security Policy + +To report a (potential or confirmed) security issue, please email + with a description of the issue, steps to reproduce +it, affected versions, and if known, mitigations for the issue. + +Since this is a small project, there's no list of supported +versions. I will attempt to reply to reports within a working week, +and to fix and disclose vulnerabilities within 90 days, but this is +not a guarantee. + +Optionally, you can encrypt the email with my GPG key, see for details +. diff --git a/doc/index.rst b/doc/index.rst index a918c2e..c877731 100644 --- a/doc/index.rst +++ b/doc/index.rst @@ -12,6 +12,7 @@ Contents :maxdepth: 2 readme.md + security.md module.rst news.rst diff --git a/doc/security.md b/doc/security.md new file mode 120000 index 0000000..9d57138 --- /dev/null +++ b/doc/security.md @@ -0,0 +1 @@ +../SECURITY.md \ No newline at end of file -- 2.39.5