docs: add a SECURITY.md

I've set up a jj-security@googlegroups.com list. The template comes
from Google's internal web.

I have no experience with GitHub's Security Advisory database, but it
seems like a good practice, so let's use it.
This commit is contained in:
Martin von Zweigbergk 2023-03-10 10:59:37 -08:00 committed by Martin von Zweigbergk
parent 9ff422396a
commit b6cac0c6aa

7
SECURITY.md Normal file
View file

@ -0,0 +1,7 @@
To report a security issue, please
email [Jujutsu VCS Security](jj-security@googlegroups.com)
with a description of the issue, the steps you took to create the issue,
affected versions, and, if known, mitigations for the issue. Our vulnerability
management team will respond within 3 working days of your email. If the issue
is confirmed as a vulnerability, we will open a Security Advisory. This project
follows a 90 day disclosure timeline.