Add section on reporting security vulnerabilities through Tidelift.

author: Jason R. Coombs <jaraco@jaraco.com> 2019-03-19 08:52:44 -0400
committer: Jason R. Coombs <jaraco@jaraco.com> 2019-03-19 08:52:48 -0400
commit: d8b901bc15e2e365c7994cd65758f4181f3d9175 (patch)
tree: 28a082fe17cafb694f4590f5a913389e8cc12a9b
parent: 4cd3da049027b6321a56ca4724c3a072d1c32cd1 (diff)
download: python-setuptools-git-d8b901bc15e2e365c7994cd65758f4181f3d9175.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/README.rst b/README.rst
index bfbaaad8..dac8a468 100644
--- a/README.rst
+++ b/README.rst
@@ -29,6 +29,10 @@ Bug reports and especially tested patches may be
 submitted directly to the `bug tracker
 <https://github.com/pypa/setuptools/issues>`_.
 
+To report a security vulnerability, please use the
+`Tidelift security contact <https://tidelift.com/security>`_.
+Tidelift will coordinate the fix and disclosure.
+
 
 Code of Conduct
 ---------------
author	Jason R. Coombs <jaraco@jaraco.com>	2019-03-19 08:52:44 -0400
committer	Jason R. Coombs <jaraco@jaraco.com>	2019-03-19 08:52:48 -0400
commit	d8b901bc15e2e365c7994cd65758f4181f3d9175 (patch)
tree	28a082fe17cafb694f4590f5a913389e8cc12a9b
parent	4cd3da049027b6321a56ca4724c3a072d1c32cd1 (diff)
download	python-setuptools-git-d8b901bc15e2e365c7994cd65758f4181f3d9175.tar.gz