Received: from mail.netlandish.com (mail.netlandish.com [174.136.98.166])
	by code.netlandish.com (Postfix) with ESMTP id 602CE27B
	for <~netlandish/links-dev@lists.code.netlandish.com>; Tue, 29 Apr 2025 00:46:24 +0000 (UTC)
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.221.170; helo=mail-vk1-f170.google.com; envelope-from=peter@netlandish.com; receiver=<UNKNOWN> 
Authentication-Results: mail.netlandish.com;
	dkim=pass (1024-bit key; unprotected) header.d=netlandish.com header.i=@netlandish.com header.b=DjGhs4ZK
Received: from mail-vk1-f170.google.com (mail-vk1-f170.google.com [209.85.221.170])
	by mail.netlandish.com (Postfix) with ESMTP id 2B3371D6463
	for <~netlandish/links-dev@lists.code.netlandish.com>; Tue, 29 Apr 2025 00:46:35 +0000 (UTC)
Received: by mail-vk1-f170.google.com with SMTP id 71dfb90a1353d-5262475372eso2387269e0c.2
        for <~netlandish/links-dev@lists.code.netlandish.com>; Mon, 28 Apr 2025 17:46:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=netlandish.com; s=google; t=1745887594; x=1746492394; darn=lists.code.netlandish.com;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=qhPCcm/vSqFqpZBCkVDMg2Nzop08AA9E3p0qCsrZSQ0=;
        b=DjGhs4ZKG4K3+6XCJEZDRGSbFhyrETR7b0nvlTmEKZPtmCdxw+E+nmsKyO6hmj2vuE
         iYnScl+3vEGRyaOvBwNub1JiUverSXFAgubkCscWpgzQXcH0cgKpQuz0LD6O8C0QCiNl
         Jnz/BYRBhTlZmRbNvtJ7M8hwg5qkiFWAVhw0A=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1745887594; x=1746492394;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=qhPCcm/vSqFqpZBCkVDMg2Nzop08AA9E3p0qCsrZSQ0=;
        b=Y1gtrUaiySSfJ4zLYZRgtkEb3c1IwH2yuZaFJlMTeBG+jlCCHTYXA5bFM6u0oCdAjB
         +xEGGorVBQ1srw4GYBRj6rpWUiaUDRbyZQsmj+baH0hd740a2hu86w5rSba7sDt2Baqx
         DINa+GT8rReU+PXWFB3i5n4ppwlrs16qjdV7whECZbj86UeKZMeI+ff1nY0mVZPvHUeb
         DnsYX3pDZr4fK4YRWVmj5sL2StyEmkzjPAJiYwLsGtv3f2ERhlxdKom4dEw3CYEoPoBO
         wpzBVkg6zEB8AyjIx/t9SeBAL3oDxrVif5w6nfjTFiOOWLdK43kRm8wojvs1l8IXagwR
         xQsQ==
X-Gm-Message-State: AOJu0YzOC5iXRuDCzp4gUZzVDkqbq+iHnbJIyLBkSWk00FhYApY047em
	ZSQDVVXxAYIhFB9CUOI1k4oYRor4f9KSiDgDq66PuLc4Q7G31U2m67Kkwk7PQz22KR/fkqSRiBv
	fEbs=
X-Gm-Gg: ASbGncth1wrT7vfHp82LfcG4MhlQQ/6Oo23WFDR92tzGcWktpoWUARkt/K91X3jny57
	NsjbqRYyB/areEmUVyqYKNdaauAGkTmTbGxzVO/OME5Qdl/P/F6Uhioq6QGeunRKwt4+nvMmmZv
	pYdZ7Kig1MGdnEzNaIfa8aIUByHWk8HZ5OPAJi1xX9N1u90WpcA5TJ/OhNt7tc1ljvbL1c8eaTn
	Dz3G9YEncroHGyED1PAFSHFEOrxMrG3Wt5tZkGkd5HzNOc2CIali9Ip2ivRHLNhIYaLRZN00q7i
	t+RcqVVH+ljkFvSyxX3KMl2vqmhK8UglCBQ3zWnXlw==
X-Google-Smtp-Source: AGHT+IFScvCFSil0SRlnGcEzBiawo9mvc+IUHkK1XPYyomsz95Ku5T24+reIZOdGmSgQ+UjPCEBInA==
X-Received: by 2002:a05:6102:1522:b0:4bb:b589:9d95 with SMTP id ada2fe7eead31-4da7f03b9a0mr1529294137.4.1745887594063;
        Mon, 28 Apr 2025 17:46:34 -0700 (PDT)
Received: from localhost ([2803:2d60:1118:5ee:e9d3:8303:760f:3950])
        by smtp.gmail.com with ESMTPSA id ada2fe7eead31-4dac588961dsm69906137.14.2025.04.28.17.46.32
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 28 Apr 2025 17:46:33 -0700 (PDT)
From: Peter Sanchez <peter@netlandish.com>
To: ~netlandish/links-dev@lists.code.netlandish.com
Cc: Peter Sanchez <peter@netlandish.com>
Subject: [PATCH links] Adding SECURITY.md so the user base has the information they need to report any security specific issues they may discover.
Date: Mon, 28 Apr 2025 18:46:27 -0600
Message-ID: <20250429004631.25510-1-peter@netlandish.com>
X-Mailer: git-send-email 2.47.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Changelog-added: SECURITY.md to help ensure that security
  vulnerabilities are reported responsibly.
---
 SECURITY.md | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..41cde26
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,28 @@
+# Security Policy
+
+## Supported versions
+
+Only the latest stable version is supported.
+
+## Reporting a vulnerability
+
+Preferably, [send an email to the security mailing list](mailto:~netlandish/security@lists.code.netlandish.com). This is an admin only list so it's not publicly visible.
+
+You can also email directly to
+[peter@netlandish.com](mailto:peter@netlandish.com).
+
+You can use [the following GPG key](https://petersanchez.com/publickey.txt) to
+encrypt your message if you'd like.
+
+**Please do not publicly post this report anywhere else.** This is so we have
+time to correct the issue before the bad guys start to abuse it.
+
+## Steps to reproduce
+
+Please include all steps to reproduce the vulnerability and any code specific
+line numbers, etc. if you have them.
+
+## security.txt
+
+This information is also available in
+[/.well-known/security.txt](https://linktaco.com/.well-known/security.txt)
-- 
2.47.2