From 2ad242af68559039b0059b6c670f83179d574f95 Mon Sep 17 00:00:00 2001 From: Yee Cheng Chin Date: Sat, 4 Mar 2023 02:06:40 -0800 Subject: [PATCH] Add security policy file / documentation GitHub has a security tab that allows repos to manage their security policy so it's not a bad idea to be explicit in expectations. The policy is to either use GitHub's builtin reporting system, or email MacVim's team (in case that's the preferred method or the reporter does not want to have a GitHub account). The most important thing is to not use the public GitHub issue filing. I don't think this will be used too much, but given that MacVim (and Vim) can read arbitrary files, there is always a potential for a security issue to pop up. --- .github/SECURITY.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .github/SECURITY.md diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 0000000000..428e8142a1 --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,5 @@ +# Security Policy + +**Please do not report security vulnerabilities through public GitHub issues.** + +To report a security vulnerability for MacVim, please either email security@macvim.org, or visit https://github.com/macvim-dev/macvim/security/advisories/new.
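Review bot: the last added line of .github/SECURITY.md names the two reporting channels but leaves out the reason the commit message gives for having both, namely that the email address is there for reporters who do not want a GitHub account. Saying so in the file itself would help, since the advisories/new link is only usable when signed in to GitHub and a reporter who hits a login page may otherwise fall back to a public issue. The policy also does not say what a report should contain (affected MacVim version, a reproducing file or steps) or whether and when the reporter can expect an acknowledgement; one sentence on each would set the expectations the commit message says the file is meant to make explicit.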