SECURITY.md: split out security-relevant bits from readme

GitHub has recently introduced a new set of tools that aims to ease the process around vulnerability reports and security fixes. Part of those tools is a new security tab for projects that will display contents from a new SECURITY.md file. Move relevant parts from README.md to this new file to make use of this feature.
author: Patrick Steinhardt <ps@pks.im> 2019-05-24 11:09:51 +0200
committer: Patrick Steinhardt <ps@pks.im> 2019-05-24 11:12:33 +0200
commit: 62bbec5a07d3dbd5beffd8d3bcb8115838d4a606 (patch)
tree: 4fc41c613726b1281a4a302bf372e6bbd98f09db /SECURITY.md
parent: 7a0238b18b25f65eb3e67fbd9d6a8a0afc58664a (diff)
download: libgit2-62bbec5a07d3dbd5beffd8d3bcb8115838d4a606.tar.gz
1 files changed, 14 insertions, 0 deletions
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..f98eebf50
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+This project will always provide security fixes for the latest two released
+versions. E.g. if the latest version is v0.28.x, then we will provide security
+fixes for both v0.28.x and v0.27.y, but no later versions.
+
+## Reporting a Vulnerability
+
+In case you think to have found a security issue with libgit2, please do not
+open a public issue.  Instead, you can report the issue to the private mailing
+list [security@libgit2.com](mailto:security@libgit2.com). We will acknowledge
+receipt of your message in at most three days and try to clarify further steps.
author	Patrick Steinhardt <ps@pks.im>	2019-05-24 11:09:51 +0200
committer	Patrick Steinhardt <ps@pks.im>	2019-05-24 11:12:33 +0200
commit	62bbec5a07d3dbd5beffd8d3bcb8115838d4a606 (patch)
tree	4fc41c613726b1281a4a302bf372e6bbd98f09db /SECURITY.md
parent	7a0238b18b25f65eb3e67fbd9d6a8a0afc58664a (diff)
download	libgit2-62bbec5a07d3dbd5beffd8d3bcb8115838d4a606.tar.gz