add security notes

.github/ISSUE_TEMPLATE/02-security-report.md

@@ -0,0 +1,20 @@
+---
+name: Security report
+about: Create a report related to security issues
+title: ''
+labels: security
+assignees: ''
+
+---
+
+## Summary
+
+A clear and concise description of what the issue is.
+
+### Steps to reproduce
+
+Steps to reproduce the behavior (commands, environment etc).
+
+### Intended impact
+
+Brief optional description of how this vulnerability can be used and which effects can be achieved. 

AUTHORS

@@ -1,2 +1,2 @@
-Current developers:
+Current maintainer:
-Evgenii Alekseev aka arcanis <esalexeev (at) gmail (dot) com>
+Evgenii Alekseev <esalexeev (at) gmail (dot) com>

Makefile

@@ -3,7 +3,7 @@
 
 PROJECT := ahriman
 
-FILES := AUTHORS CONTRIBUTING.md COPYING README.md docs package src setup.py tox.ini web.png
+FILES := AUTHORS CONTRIBUTING.md COPYING Makefile README.md SECURITY.md docs package src setup.py tox.ini web.png
 TARGET_FILES := $(addprefix $(PROJECT)/, $(FILES))
 IGNORE_FILES := package/archlinux src/.mypy_cache
 

SECURITY.md

@@ -0,0 +1,9 @@
+# Security Policy
+
+## Supported Versions
+
+The project follows bleeding edge philosophy, thus only the latest version is supported with the exception for release candidates (i.e. tags which are marked with `rc` suffix).
+
+## Reporting a Vulnerability
+
+In the most cases you can report (suspected) security vulnerabilities directly on github by using ["Security report" template](https://github.com/arcan1s/ahriman/issues/new?assignees=&labels=security&template=02-security-report.md&title=). However, if your report could lead to data leak or break the system we kindly ask you to contact [current maintainer](AUTHORS) directly by email.