Changelog-added: SECURITY.md to help ensure that security
vulnerabilities are reported responsibly.
---
SECURITY.md | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..41cde26
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,28 @@
+# Security Policy
+
+## Supported versions
+
+Only the latest stable version is supported.
+
+## Reporting a vulnerability
+
+Preferably, [send an email to the security mailing list](mailto:~netlandish/security@lists.code.netlandish.com). This is an admin only list so it's not publicly visible.
+
+You can also email directly to
+[peter@netlandish.com](mailto:peter@netlandish.com).
+
+You can use [the following GPG key](https://petersanchez.com/publickey.txt) to
+encrypt your message if you'd like.
+
+**Please do not publicly post this report anywhere else.** This is so we have
+time to correct the issue before the bad guys start to abuse it.
+
+## Steps to reproduce
+
+Please include all steps to reproduce the vulnerability and any code specific
+line numbers, etc. if you have them.
+
+## security.txt
+
+This information is also available in
+[/.well-known/security.txt](https://linktaco.com/.well-known/security.txt)
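Review bot: In "Reporting a vulnerability", the GPG key is given only as a link to https://petersanchez.com/publickey.txt with no fingerprint, so a reporter has no way to confirm that the key they fetched is the intended one. Consider printing the full key fingerprint next to the link. The same section asks reporters not to post publicly but does not say when they can expect an acknowledgement; one sentence stating the expected response time would set that expectation. Minor wording in "Steps to reproduce": "any code specific line numbers" reads better as "any specific code line numbers".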
--
2.47.2