From f725f885d0cad28d896fa6aecc3549af311bc01e Mon Sep 17 00:00:00 2001
From: Johann150 <johann@qwertqwefsday.eu>
Date: Fri, 4 Feb 2022 20:10:07 +0100
Subject: [PATCH] add security policy

---
 SECURITY.md | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..4a33d05
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,28 @@
+# Security Policy
+
+## Supported Versions
+
+Only the latest version of Agate is supported at any time.
+
+## Reporting a Vulnerability
+
+Please report issues that you deem to be a security issue by email to johann at qwertqwefsday.eu.
+
+You may use OpenPGP encryption with the public key available at either
+- <https://github.com/Johann150/Johann150/blob/main/johann-qwertqwefsday-eu.asc>
+- through web key discovery, e.g. `gpg --locate-keys ...`
+- or the above manually at <https://qwertqwefsday.eu/.well-known/openpgpkey/hu/spd3xecxhotzgyu1p3eqdqdp31ba6rif>
+
+All these public keys should be identical. If you wish for an encrypted response, include instructions on how to obtain your public key in the email.
+
+Please allow at least 24 hours for a response.
+If your issue is easy to fix, you might not get a response until the issue is fixed.
+Otherwise, the receipt of your report should be acknowledged.
+
+If you did not receive a reply within the above time frame, please email another maintainer listed in the `Cargo.toml` file, citing that you did not yet receive a reply.
+Only limited support may be available.
+
+## Compensation
+
+There is no bug bounty or other rewards program.
+At your option, you may be mentioned by your name or pseudonym in the changelog.