Web lists-archives.com

Re: [PATCH] git manpage: note git-security@xxxxxxxxxxxxxxxx

Ævar Arnfjörð Bjarmason  <avarab@xxxxxxxxx> writes:

> Add a mention of the security mailing list to the "Reporting Bugs"
> section. There's a mention of this list at
> https://git-scm.com/community but none in git.git itself.

This is quite a sensible thing to do.

> The copy is pasted from the git-scm.com website. Let's use the same
> wording in both places.
> Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx>
> ---
> Someone at Git Merge mentioned that our own docs have no mention of
> how to report security issues. Perhaps this should be in
> SubmittingPatches too, but I couldn't figure out how that magical
> footnote format works.

The "Notes from the maintainer" posted periodically here for
developers does mention it, and I do agree with you that
SubmittingPatches is a good place to add it, as it is a document
that is targetted more towards developers.  But this is a good first

Will queue.

>  Documentation/git.txt | 3 +++
>  1 file changed, 3 insertions(+)
> diff --git a/Documentation/git.txt b/Documentation/git.txt
> index 8163b5796b..4767860e72 100644
> --- a/Documentation/git.txt
> +++ b/Documentation/git.txt
> @@ -849,6 +849,9 @@ Report bugs to the Git mailing list <git@xxxxxxxxxxxxxxx> where the
>  development and maintenance is primarily done.  You do not have to be
>  subscribed to the list to send a message there.
> +Issues which are security relevant should be disclosed privately to
> +the Git Security mailing list <git-security@xxxxxxxxxxxxxxxx>.
> +
>  --------
>  linkgit:gittutorial[7], linkgit:gittutorial-2[7],