Thomas Gummerer wrote:

> Add a mention of the security mailing list to the README.
> 2caa7b8d27 ("git manpage: note git-security@xxxxxxxxxxxxxxxx",
> 2018-03-08) already added it to the man page, but I suspect that for
> many developers, such as myself, the README would be the first place
> to go looking for it.
>
> Use the same wording as we already have on the git-scm.com website and
> in the man page.
>
> Signed-off-by: Thomas Gummerer <t.gummerer@xxxxxxxxx>
> ---
>  README.md | 3 +++
>  1 file changed, 3 insertions(+)

Reviewed-by: Jonathan Nieder <jrnieder@xxxxxxxxx>

> 2caa7b8d27 ("git manpage: note git-security@xxxxxxxxxxxxxxxx",
> 2018-03-08) also mentions SubmittingPatches, but I think people are
> much more likely to submit a report of a security issue first, rather
> than sending a patch, for which I think the README is more useful.

I don't see a mention of SubmittingPatches in "git show 2caa7b8d27"
output. git help git tells me:

    Report bugs to the Git mailing list <git@xxxxxxxxxxxxxxx> where the
    development and maintenance is primarily done. You do not have to be
    subscribed to the list to send a message there.

    Issues which are security relevant should be disclosed privately to
    the Git Security mailing list <git-security@xxxxxxxxxxxxxxxx>.

Do you mean that the discussion around that change suggested updating
SubmittingPatches too? The "Sending your patches" section indeed
mentions git@xxxxxxxxxxxxxxx, so a mention of the security list would
indeed be welcome there, even though typically the discussion has
already started there before a patch is written.

Thanks,
Jonathan