Merge branch 'security' into gh-pages

1 files changed, 36 insertions, 0 deletions

diff --git a/docs/running/security.md b/docs/running/security.md
new file mode 100644
index 000000000..a22c4d636
--- /dev/null
+++ b/docs/running/security.md
@@ -0,0 +1,36 @@
+---
+layout: page
+title: Security & Maintenance
+---
+
+# Security & Maintenance
+
+<p class="lead">
+  Support of Alaveteli is divided into four groups: New features, bug fixes, security issues, and severe security issues. They are handled as follows:
+</p>
+
+## New Features
+
+Only the [latest development branch](https://github.com/mysociety/alaveteli/tree/rails-3-develop/) gets new features which will be released in the next main release.
+
+## Bug Fixes
+
+- Only the current release will receive bug fixes
+- Bug fixes will get a new release (e.g. `0.19.0` gets a new release to `0.19.1`)
+- Bug fixes will be applied to current development branch
+
+## Security Issues
+
+- The current release, previous release and current development branch will receive fixes
+- Security issues will get a new release (e.g. `0.19.0` gets a new release to `0.19.1`) for the current and previous releases
+- Generic patch will be posted to the mailing list
+
+## Severe Security Issues
+
+- Severe is determined by the Alaveteli core team
+- The current release, previous release and current development branch will receive fixes
+- Severe security issues will get a new release (e.g. `0.19.0` gets a new release to `0.19.1`) for supported versions
+- Generic patch will be posted to the mailing list
+- All releases known to be in production will receive patches and every effort will be made to contact known re-users for a private disclosure
+
+