launchpad-reviewers team mailing list archive

[Alvaro Crespo Serrano <mp+474252@xxxxxxxxxxxxxxxxxx>]

Alvaro Crespo Serrano has proposed merging ~alvarocs/launchpad-buildd:add_security_md_file into launchpad-buildd:master.

Commit message:
Add SECURITY.md file with security policy

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~alvarocs/launchpad-buildd/+git/launchpad-buildd/+merge/474252
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~alvarocs/launchpad-buildd:add_security_md_file into launchpad-buildd:master.

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..7054e2f
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,15 @@
+# Launchpad Security Policy
+
+If you discover a security vulnerability, please follow the steps outlined below to report it:
+
+1. **Do not** publicly disclose the vulnerability before discussing it with us.
+2. Contact us via email at [feedback@xxxxxxxxxxxxx](mailto:feedback@xxxxxxxxxxxxx).
+3. Provide detailed information about the vulnerability, including:
+   - A description of the vulnerability.
+   - Steps to reproduce the issue.
+   - Potential impact and affected versions.
+   - Suggested mitigations, if possible.
+
+The [Ubuntu Security disclosure and embargo policy](https://ubuntu.com/security/disclosure-policy) contains more information about what you can expect when you contact us and what we expect from you.
+
+The Launchpad team will be notified of the issue and review the vulnerability. We may reach out to you for further information or clarification if needed. If the issue is confirmed as a valid security vulnerability, we will assign a CVE and coordinate the release of the fix.