On 11/27/2014 06:50 AM, Jonathan Nieder wrote: > Hi Hugh, > > Hugh Davenport wrote: > >> Where is the best place to report a security vulnerability in git? > > Current practice is to contact Junio C Hamano <gitster@xxxxxxxxx>. > Cc-ing Jeff King <peff@xxxxxxxx> isn't a bad idea while at it. > > We should probably set up a mailing list to make this more obvious, > but that's what we have today. Hi Hugh, I maintain a somewhat widely used access control program for remote access to git, so I'm interested also. Gitolite [1] and similar systems provide access control for git repos. There's a very good chance that something which is not a concern for "local" use, could become an attack vector if enabled through gitolite. Hence my interest, and my request that I be copied. Jonathan/Junio/Jeff: if such a mailing list does happen please consider adding me into it. regards sitaram [1]: https://gitolite.com -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html