forked from mirrors/jj
docs: add a SECURITY.md
I've set up a jj-security@googlegroups.com list. The template comes from Google's internal web. I have no experience with GitHub's Security Advisory database, but it seems like a good practice, so let's use it.
This commit is contained in:
parent
9ff422396a
commit
b6cac0c6aa
1 changed files with 7 additions and 0 deletions
7
SECURITY.md
Normal file
7
SECURITY.md
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
To report a security issue, please
|
||||||
|
email [Jujutsu VCS Security](jj-security@googlegroups.com)
|
||||||
|
with a description of the issue, the steps you took to create the issue,
|
||||||
|
affected versions, and, if known, mitigations for the issue. Our vulnerability
|
||||||
|
management team will respond within 3 working days of your email. If the issue
|
||||||
|
is confirmed as a vulnerability, we will open a Security Advisory. This project
|
||||||
|
follows a 90 day disclosure timeline.
|
Loading…
Reference in a new issue