Re: [PATCH] git manpage: note git-security@xxxxxxxxxxxxxxxx
Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx> writes:
> Add a mention of the security mailing list to the "Reporting Bugs"
> section. There's a mention of this list at
> https://git-scm.com/community but none in git.git itself.
This is quite a sensible thing to do.
> The copy is pasted from the git-scm.com website. Let's use the same
> wording in both places.
> Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx>
> Someone at Git Merge mentioned that our own docs have no mention of
> how to report security issues. Perhaps this should be in
> SubmittingPatches too, but I couldn't figure out how that magical
> footnote format works.
The "Notes from the maintainer" posted periodically here for
developers does mention it, and I do agree with you that
SubmittingPatches is a good place to add it, as it is a document
that is targetted more towards developers. But this is a good first
> Documentation/git.txt | 3 +++
> 1 file changed, 3 insertions(+)
> diff --git a/Documentation/git.txt b/Documentation/git.txt
> index 8163b5796b..4767860e72 100644
> --- a/Documentation/git.txt
> +++ b/Documentation/git.txt
> @@ -849,6 +849,9 @@ Report bugs to the Git mailing list <git@xxxxxxxxxxxxxxx> where the
> development and maintenance is primarily done. You do not have to be
> subscribed to the list to send a message there.
> +Issues which are security relevant should be disclosed privately to
> +the Git Security mailing list <git-security@xxxxxxxxxxxxxxxx>.
> SEE ALSO
> linkgit:gittutorial, linkgit:gittutorial-2,