Create SECURITY.md

author: Hisham Muhammad <hisham@gobolinux.org> 2022-12-01 12:59:04 -0300
committer: GitHub <noreply@github.com> 2022-12-01 12:59:04 -0300
commit: 1c9266d6521c16e126fdff0be785c81170ed4b4c (patch)
tree: eaeeeb7856f3bd96e20aa4690257f96cd6a646ef
parent: 6277b83f2863d5c49802dcdeb4be55a0ed44486c (diff)
download: luarocks-1c9266d6521c16e126fdff0be785c81170ed4b4c.tar.gz
luarocks-1c9266d6521c16e126fdff0be785c81170ed4b4c.tar.bz2
luarocks-1c9266d6521c16e126fdff0be785c81170ed4b4c.zip
1 files changed, 21 insertions, 0 deletions
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..de2b983a
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+## Supported Versions
+The LuaRocks project supports the _latest version_ of the tool
+for bugfixes and security updates. In other words, if an
+issue is reported and we produce a fix, it will appear in a subsequent
+patch version (x.y.Z) of the tool, but we do not backport fixes
+to previous minor (x.Y.z) or major (X.y.z) versions.
+## Reporting a Vulnerability
+To report a vulnerability on the LuaRocks CLI tool, email 
+Hisham Muhammad at hisham@luarocks.org.
+To report a vulnerability on the https://luarocks.org website,
+email Leaf Corcoran at leafot@gmail.com.
+We will acknowledge your contact as soon as the message is
+received, then assess the vulnerability and get back to you
+with further feedback once analysis on our end is done.
author	Hisham Muhammad <hisham@gobolinux.org>	2022-12-01 12:59:04 -0300
committer	GitHub <noreply@github.com>	2022-12-01 12:59:04 -0300
commit	1c9266d6521c16e126fdff0be785c81170ed4b4c (patch)
tree	eaeeeb7856f3bd96e20aa4690257f96cd6a646ef
parent	6277b83f2863d5c49802dcdeb4be55a0ed44486c (diff)
download	luarocks-1c9266d6521c16e126fdff0be785c81170ed4b4c.tar.gz luarocks-1c9266d6521c16e126fdff0be785c81170ed4b4c.tar.bz2 luarocks-1c9266d6521c16e126fdff0be785c81170ed4b4c.zip

diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..de2b983a --- /dev/null +++ b/SECURITY.md
@@ -0,0 +1,21 @@
	1	# Security Policy
	2
	3	## Supported Versions
	4
	5	The LuaRocks project supports the _latest version_ of the tool
	6	for bugfixes and security updates. In other words, if an
	7	issue is reported and we produce a fix, it will appear in a subsequent
	8	patch version (x.y.Z) of the tool, but we do not backport fixes
	9	to previous minor (x.Y.z) or major (X.y.z) versions.
	10
	11	## Reporting a Vulnerability
	12
	13	To report a vulnerability on the LuaRocks CLI tool, email
	14	Hisham Muhammad at hisham@luarocks.org.
	15
	16	To report a vulnerability on the https://luarocks.org website,
	17	email Leaf Corcoran at leafot@gmail.com.
	18
	19	We will acknowledge your contact as soon as the message is
	20	received, then assess the vulnerability and get back to you
	21	with further feedback once analysis on our end is done.