"brian m. carlson" <sandals@xxxxxxxxxxxxxxxxxxxx> writes: > The Git project doesn't ship OpenSSL, or, for that matter, any binaries > at all. All we ship is source versions of Git which various > distributors compile, sometimes with other binaries. > > It looks like you're probably using Git for Windows, which _does_ ship > OpenSSL, and so you probably want to contact them using their issue > tracker[0] once you've verified that it hasn't already been reported. > > [0] https://github.com/git-for-windows/git Thanks for giving a response like the above, tirelessly every time something similar pops out. I've been wondering if we can somehow reduce the occurrence of such an issue in the first place. Elaborating a bit more in the "Reporting bugs" section of the documentation landing page is probably the 0-th step, and if people agree that it is going in the right direction, perhaps we would extend it to include something similar to the top of the "git bugreport" template, by futzing with the implementation of builtin/bugreport.c:get_bug_template(), and we can even encourage customizing it by distribution. Comments? Thanks. Documentation/git.txt | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git c/Documentation/git.txt w/Documentation/git.txt index 4489e2297a..495467ac1e 100644 --- c/Documentation/git.txt +++ w/Documentation/git.txt @@ -1149,14 +1149,31 @@ the authors for specific parts of the project. Reporting Bugs -------------- +First, thanks for noticing that there may be a problem in Git, and +be willing to share it to help the larger user base. + +Issues which are security relevant should be disclosed privately to +the Git Security mailing list <git-security@xxxxxxxxxxxxxxxx> and +not on any other public mailing list. + Report bugs to the Git mailing list <git@xxxxxxxxxxxxxxx> where the development and maintenance is primarily done. You do not have to be subscribed to the list to send a message there. See the list archive at https://lore.kernel.org/git for previous bug reports and other discussions. -Issues which are security relevant should be disclosed privately to -the Git Security mailing list <git-security@xxxxxxxxxxxxxxxx>. +The Git project does not distribute anything but the source code to +Git. Folks like Debian, Ubuntu, and Git for Windows project make +binary package to install, and may include software other than Git +(e.g. OpenSSL and Bash) in their packages. Please report bugs in +components *other* *than* *Git* *itself* in such a package to the +respective packagers, not to the Git mailing list. How to report +bugs in some sample binary packages are found here: + + Git for Windoes: https://github.com/git-for-windows/git + Ubuntu: https://help.ubuntu.com/stable/ubuntu-help/report-ubuntu-bug.html.en + Debian: https://www.debian.org/Bugs/Reporting + SEE ALSO --------
