Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx> writes: > Add a mention of the security mailing list to the "Reporting Bugs" > section. There's a mention of this list at > https://git-scm.com/community but none in git.git itself. This is quite a sensible thing to do. > > The copy is pasted from the git-scm.com website. Let's use the same > wording in both places. > > Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx> > --- > Someone at Git Merge mentioned that our own docs have no mention of > how to report security issues. Perhaps this should be in > SubmittingPatches too, but I couldn't figure out how that magical > footnote format works. The "Notes from the maintainer" posted periodically here for developers does mention it, and I do agree with you that SubmittingPatches is a good place to add it, as it is a document that is targetted more towards developers. But this is a good first step. Will queue. > > Documentation/git.txt | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/Documentation/git.txt b/Documentation/git.txt > index 8163b5796b..4767860e72 100644 > --- a/Documentation/git.txt > +++ b/Documentation/git.txt > @@ -849,6 +849,9 @@ Report bugs to the Git mailing list <git@xxxxxxxxxxxxxxx> where the > development and maintenance is primarily done. You do not have to be > subscribed to the list to send a message there. > > +Issues which are security relevant should be disclosed privately to > +the Git Security mailing list <git-security@xxxxxxxxxxxxxxxx>. > + > SEE ALSO > -------- > linkgit:gittutorial[7], linkgit:gittutorial-2[7],
