~netlandish/links: Adding SECURITY.md so the user base has the information they need to report any security specific issues they may discover.

f0cf52ab6a0271eea5ce3264d0a63534376a9d5b — Peter Sanchez 10 days ago 0869e11

Adding SECURITY.md so the user base has the information they need to report any security specific issues they may discover.

Changelog-added: SECURITY.md to help ensure that security
  vulnerabilities are reported responsibly.

patch browse .tar.gz

1 files changed, 28 insertions(+), 0 deletions(-)

A SECURITY.md

A SECURITY.md => SECURITY.md +28 -0

@@ 0,0 1,28 @@
+# Security Policy
+
+## Supported versions
+
+Only the latest stable version is supported.
+
+## Reporting a vulnerability
+
+Preferably, [send an email to the security mailing list](mailto:~netlandish/security@lists.code.netlandish.com). This is an admin only list so it's not publicly visible.
+
+You can also email directly to
+[peter@netlandish.com](mailto:peter@netlandish.com).
+
+You can use [the following GPG key](https://petersanchez.com/publickey.txt) to
+encrypt your message if you'd like.
+
+**Please do not publicly post this report anywhere else.** This is so we have
+time to correct the issue before the bad guys start to abuse it.
+
+## Steps to reproduce
+
+Please include all steps to reproduce the vulnerability and any code specific
+line numbers, etc. if you have them.
+
+## security.txt
+
+This information is also available in
+[/.well-known/security.txt](https://linktaco.com/.well-known/security.txt)