Add a mention of the security mailing list to the README.
2caa7b8d27 ("git manpage: note git-security@xxxxxxxxxxxxxxxx",
2018-03-08) already added it to the man page, but I suspect that for
many developers, such as myself, the README would be the first place
to go looking for it.
Use the same wording as we already have on the git-scm.com website and
in the man page.
Signed-off-by: Thomas Gummerer <t.gummerer@xxxxxxxxx>
---
2caa7b8d27 ("git manpage: note git-security@xxxxxxxxxxxxxxxx",
2018-03-08) also mentions SubmittingPatches, but I think people are
much more likely to submit a report of a security issue first, rather
than sending a patch, for which I think the README is more useful.
README.md | 3 +++
1 file changed, 3 insertions(+)
diff --git a/README.md b/README.md
index f17af66a97..f920a42fad 100644
--- a/README.md
+++ b/README.md
@@ -36,6 +36,9 @@ the body to majordomo@xxxxxxxxxxxxxxx. The mailing list archives are
available at <https://public-inbox.org/git/>,
<http://marc.info/?l=git> and other archival sites.
+Issues which are security relevant should be disclosed privately to
+the Git Security mailing list <git-security@xxxxxxxxxxxxxxxx>.
+
The maintainer frequently sends the "What's cooking" reports that
list the current status of various development topics to the mailing
list. The discussion following them give a good reference for
--
2.17.0.921.gf22659ad46
