jj/SECURITY.md

To report a security issue, please
email [Jujutsu VCS Security](jj-security@googlegroups.com)
with a description of the issue, the steps you took to create the issue,
affected versions, and, if known, mitigations for the issue. Our vulnerability
management team will respond within 3 working days of your email. If the issue
is confirmed as a vulnerability, we will open a Security Advisory. This project
follows a 90 day disclosure timeline.
docs: add a SECURITY.md I've set up a jj-security@googlegroups.com list. The template comes from Google's internal web. I have no experience with GitHub's Security Advisory database, but it seems like a good practice, so let's use it. 2023-03-10 21:59:37 +03:00			`To report a security issue, please`
			`email [Jujutsu VCS Security](jj-security@googlegroups.com)`
			`with a description of the issue, the steps you took to create the issue,`
			`affected versions, and, if known, mitigations for the issue. Our vulnerability`
			`management team will respond within 3 working days of your email. If the issue`
			`is confirmed as a vulnerability, we will open a Security Advisory. This project`
			`follows a 90 day disclosure timeline.`