1 files changed, 21 insertions, 0 deletions
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..de2b983a
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+## Supported Versions
+The LuaRocks project supports the _latest version_ of the tool
+for bugfixes and security updates. In other words, if an
+issue is reported and we produce a fix, it will appear in a subsequent
+patch version (x.y.Z) of the tool, but we do not backport fixes
+to previous minor (x.Y.z) or major (X.y.z) versions.
+## Reporting a Vulnerability
+To report a vulnerability on the LuaRocks CLI tool, email 
+Hisham Muhammad at hisham@luarocks.org.
+To report a vulnerability on the https://luarocks.org website,
+email Leaf Corcoran at leafot@gmail.com.
+We will acknowledge your contact as soon as the message is
+received, then assess the vulnerability and get back to you
+with further feedback once analysis on our end is done.

diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..de2b983a --- /dev/null +++ b/SECURITY.md
@@ -0,0 +1,21 @@
	1	# Security Policy
	2
	3	## Supported Versions
	4
	5	The LuaRocks project supports the _latest version_ of the tool
	6	for bugfixes and security updates. In other words, if an
	7	issue is reported and we produce a fix, it will appear in a subsequent
	8	patch version (x.y.Z) of the tool, but we do not backport fixes
	9	to previous minor (x.Y.z) or major (X.y.z) versions.
	10
	11	## Reporting a Vulnerability
	12
	13	To report a vulnerability on the LuaRocks CLI tool, email
	14	Hisham Muhammad at hisham@luarocks.org.
	15
	16	To report a vulnerability on the https://luarocks.org website,
	17	email Leaf Corcoran at leafot@gmail.com.
	18
	19	We will acknowledge your contact as soon as the message is
	20	received, then assess the vulnerability and get back to you
	21	with further feedback once analysis on our end is done.