summaryrefslogtreecommitdiff
path: root/SECURITY.md
diff options
context:
space:
mode:
authorTodd Gamblin <gamblin2@llnl.gov>2021-09-19 06:43:14 -0700
committerGitHub <noreply@github.com>2021-09-19 06:43:14 -0700
commit4f8b643404edf5aaa8814f01a805a2e61644bf58 (patch)
tree38d728da5913bba151cde283a6411a98e0f98433 /SECURITY.md
parentc2f42a6f09a4528313d82af2a0776aa57061b088 (diff)
downloadspack-4f8b643404edf5aaa8814f01a805a2e61644bf58.tar.gz
spack-4f8b643404edf5aaa8814f01a805a2e61644bf58.tar.bz2
spack-4f8b643404edf5aaa8814f01a805a2e61644bf58.tar.xz
spack-4f8b643404edf5aaa8814f01a805a2e61644bf58.zip
Create SECURITY.md
Diffstat (limited to 'SECURITY.md')
-rw-r--r--SECURITY.md24
1 files changed, 24 insertions, 0 deletions
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..f6a5230087
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,24 @@
+# Security Policy
+
+## Supported Versions
+
+We provide security updates for the following releases.
+For more on Spack's release structure, see
+[`README.md`](https://github.com/spack/spack#releases).
+
+
+| Version | Supported |
+| ------- | ------------------ |
+| develop | :white_check_mark: |
+| 0.16.x | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+To report a vulnerability or other security
+issue, email maintainers@spack.io.
+
+You can expect to hear back within two days.
+If your security issue is accepted, we will do
+our best to release a fix within a week. If
+fixing the issue will take longer than this,
+we will discuss timeline options with you.