From: Phil Pennock Date: Wed, 19 Jun 2019 19:37:19 +0000 (-0400) Subject: Add a security page in a place where GitHub will detect it X-Git-Tag: exim-4.93-RC0~157 X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=3ff0668bf4565e7f8ea4b843474ddb49cce46fed;p=exim.git Add a security page in a place where GitHub will detect it --- diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..5580a8cfc --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,30 @@ +# Security Policy + +## Supported Versions + +We are an open source project with no corporate sponsor and no formal +"support". In practice, we support the latest released version and work with +OS vendors to make it easy for them to backport fixes for their distributed +packages. For some security issues, we will issue a patch-release which has +just a simple fix. + +We also often have `exim_VERSION+fixes` branches with small things which we +recommend that vendors use. + +For postmasters installing Exim manually, we recommend always using the latest +released tarball. + +## Reporting a Vulnerability + +Our security page is at . +It contains the current contact point and list of PGP keys to use for +encrypting particularly sensitive information. +This also links to our documentation and the chapter on security +considerations. + +Our security release process is at +. +This covers what we do in handling vulnerability reports. + +We have no bug bounty program of our own; we're far too disparate a group of +volunteers for such things.