@@ -0,0 +1,24 @@
+# Security Policy
+
+## Supported Versions
+
+Only the latest non-prerelease version is supported.
+
+## Security contact information
+
+To report a security vulnerability
+
+### Directly on GitHub
+
+You can also directly propose a GitHub security advisory on the Flit Security page of github:
+
+https://github.com/pypa/flit/security
+Only the latest non-prerelease version is supported.
+
+## Security contact information
+
+To report a security vulnerability
+
+### Directly on GitHub
+
+You can also directly propose a GitHub security advisory on the Flit Security page of github:
+
+https://github.com/pypa/flit/security
+
+### via Tidelift:
+
+You can use the
+Tidelift security contact. Tidelift will coordinate the
So just to check, who do tidelift get in touch with? Is it you? Or is
there another layer to go through?
Yes, me. They do triage first that's it's a real report though.
On Wed, Nov 8, 2023 at 18:30 Thomas Kluyver @.***> wrote: