Add security policy

author rubenwardy <rw@rubenwardy.com>

Tue, 12 Nov 2019 22:46:42 +0000 (22:46 +0000)

committer rubenwardy <rw@rubenwardy.com>

Tue, 12 Nov 2019 22:46:42 +0000 (22:46 +0000)
author rubenwardy <rw@rubenwardy.com>
Tue, 12 Nov 2019 22:46:42 +0000 (22:46 +0000)
committer rubenwardy <rw@rubenwardy.com>
Tue, 12 Nov 2019 22:46:42 +0000 (22:46 +0000)
diff --git a/.github/SECURITY.md b/.github/SECURITY.md

new file mode 100644 (file)

index 0000000..1ae778a
--- /dev/null
+++ b/.github/SECURITY.md
@@ -0,0 +1,19 @@
+# Security Policy
+
+## Supported Versions
+
+We only support the latest production version, deployed to <https://content.minetest.net>.
+See the [releases page](https://github.com/minetest/contentdb/releases).
+
+## Reporting a Vulnerability
+
+We ask that you report vulnerabilities privately, by contacting rubenwardy,
+to give us time to fix them. You can do that by using one of the methods outlined in the following link:
+
+* https://rubenwardy.com/contact/
+
+Depending on severity, we will either create a private issue for the vulnerability
+and release a security update, or give you permission to file the issue publicly.
+
+For more information on the justification of this policy, see
+[Responsible Disclosure](https://en.wikipedia.org/wiki/Responsible_disclosure).
author	rubenwardy <rw@rubenwardy.com>
	Tue, 12 Nov 2019 22:46:42 +0000 (22:46 +0000)
committer	rubenwardy <rw@rubenwardy.com>
	Tue, 12 Nov 2019 22:46:42 +0000 (22:46 +0000)