Add basic security policy to repo

spyder-ide · Nov 23, 2021 · 876c074 · 876c074
1 parent 1142c54
commit 876c074
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 0 deletions.
diff --git a/MANIFEST.in b/MANIFEST.in
@@ -2,4 +2,5 @@ include AUTHORS.md
 include CHANGELOG.md
 include LICENSE.txt
 include README.md
+include SECURITY.md
 recursive-include qtpy/tests *.py *.ui
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,24 @@
+# Security Policy
+
+
+## Supported Versions
+
+The following summarizes the support status of recent QtPy versions.
+
+| Version  | Supported          |
+| -------- | ------------------ |
+| 2.0.x    | :heavy_check_mark: |
+| 1.11.x   | :heavy_check_mark: |
+| <=1.10.x | :x:                |
+
+
+
+## Reporting a Vulnerability
+
+If you believe you've discovered a security vulnerability in Sub Manager, please contact the project maintainers, the Spyder development team, at [email protected] .
+Please be sure to carefully document the vulnerability, including a summary, describing the impacts, identifying the line(s) of code affected, stating the conditions under which it is exploitable and including a minimal reproducible test case.
+Further information and advice or patches on how to mitigate it is always welcome.
+You can usually expect to hear back within 1 week, at which point we'll inform you of our evaluation of the vulnerability and what steps we plan to take, and will reach out if we need further clarification from you.
+Once its patched, we'll send a followup email letting you know, and are happy to update you on its status should you further inquire.
+While this is a volunteer project and we don't have financial compensation to offer, we can certainly publicly thank you for your help if you would like.
+Thanks!