pypa / flit

Simplified packaging of Python modules
https://flit.pypa.io/
BSD 3-Clause "New" or "Revised" License

Add security.md #665

Closed Carreau closed 8 months ago

Carreau commented 8 months ago

Yes, me. They do triage first that it's a real report though.

On Wed, Nov 8, 2023 at 18:30 Thomas Kluyver wrote:

Thomas Kluyver commented on this pull request.

In SECURITY.md https://github.com/pypa/flit/pull/665#discussion_r1386974993:

@@ -0,0 +1,24 @@ +# Security Policy + +## Supported Versions + +Only the latest non-prerelease version is supported. + +## Security contact information + +To report a security vulnerability + +### Directly on GitHub + +You can also directly propose a GitHub security advisory on the Flit Security page of github: + +https://github.com/pypa/flit/security
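Review bot: "To report a security vulnerability" under "## Security contact information" is a sentence fragment left hanging before the "### Directly on GitHub" subsection; end it with a colon or make it a full sentence so it reads as the lead-in to the options that follow. In the same hunk, "You can also directly propose a GitHub security advisory" says "also" before any other option has been given, so drop "also", and "the Flit Security page of github" should spell "GitHub" as the heading does.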

⬇️ Suggested change

-https://github.com/pypa/flit/security +https://github.com/pypa/flit/security

Also, neat, I hadn't seen this feature before. :-)

In SECURITY.md https://github.com/pypa/flit/pull/665#discussion_r1386976253:

+Only the latest non-prerelease version is supported. + +## Security contact information + +To report a security vulnerability + +### Directly on GitHub + +You can also directly propose a GitHub security advisory on the Flit Security page of github: + +https://github.com/pypa/flit/security + +### via Tidelift: + +You can use the +Tidelift security contact. Tidelift will coordinate the
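Review bot: the "### via Tidelift:" heading in this hunk does not match the style of its sibling "### Directly on GitHub" (lower-case first word and a trailing colon); use "### Via Tidelift" so the two contact options read as parallel entries.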

So just to check, who do Tidelift get in touch with? Is it you? Or is there another layer to go through?

— Reply to this email directly, or view it on GitHub: https://github.com/pypa/flit/pull/665#pullrequestreview-1720909466