On 23/12/2021 23:52, Junio C Hamano wrote: > I wonder if we should do something like this, for limited time like > a few months or so, so that we have something prominently shown at > places like https://github.com/git/git/ > > Signed-off-by: Junio C Hamano <gitster@xxxxxxxxx> > --- > README.md | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git c/README.md w/README.md > index f6f43e78de..76e99fe5bb 100644 > --- c/README.md > +++ w/README.md > @@ -7,6 +7,9 @@ Git is a fast, scalable, distributed revision control system with an > unusually rich command set that provides both high-level operations > and full access to internals. > > +No part of Git is written in Java, hence it is not susceptible to > +the log4j vulnerability that has been causing sensation recently. > + > Git is an Open Source project covered by the GNU General Public > License version 2 (some parts of it are under different licenses, > compatible with the GPLv2). It was originally written by Linus Would it be worth adding a section to the SECURITY.md file that could cover these 'non-issue' concerns. The README could point to the non-issue section. Just a thought. Philip
