Add security documentation (python#403)

AlexWaygood · May 16, 2024 · 910141a · 910141a
1 parent 0dbc7c9
commit 910141a
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,10 @@
+# Security Policy
+
+## Supported Versions
+
+Only the latest release is supported.
+
+## Reporting a Vulnerability
+
+To report an issue, go to https://github.com/python/typing_extensions/security.
+We commit to respond to any issue within 14 days and promptly release any fixes.
diff --git a/doc/index.rst b/doc/index.rst
@@ -1216,3 +1216,23 @@ versions of Python, but all are listed here for completeness.
    See :py:func:`typing.no_type_check_decorator`.
 
    .. versionadded:: 4.7.0
+
+Security
+--------
+
+``typing_extensions`` is among the most widely used packages in the
+Python ecosystem. Therefore, we take security seriously and strive
+to use a transparent, secure release process.
+
+We commit to the following in order to keep the package secure in the
+future:
+
+* ``typing_extensions`` will never include any native extensions, only
+  pure Python code.
+* ``typing_extensions`` will not have any third-party dependencies.
+* We will follow best practices for a secure release process.
+
+If you have any feedback on our security process, please `open an issue
+<https://github.com/python/typing_extensions/issues/new>`__. To report
+an issue privately, use `GitHub's private reporting feature
+<https://github.com/python/typing_extensions/security>`__.