Add a mention of the security mailing list to the README, and to
Documentation/SubmittingPatches..  2caa7b8d27 ("git manpage: note
git-security@googlegroups.com", 2018-03-08) already added it to the
man page, but for developers either the README, or the documentation
on how to contribute (SubmittingPatches) may be the first place to
look.

Use the same wording as we already have on the git-scm.com website and
in the man page for the README, while the wording is adjusted in
SubmittingPatches to match the surrounding document better.

Signed-off-by: Thomas Gummerer <t.gummerer@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Thomas Gummerer 2018-05-30 21:52:55 +01:00 committed by Junio C Hamano
parent a27cd1ab7f
commit 2a00502b14
2 changed files with 16 additions and 0 deletions

View File

@ -176,6 +176,12 @@ that is fine, but please mark it as such.
[[send-patches]]
=== Sending your patches.
:security-ml: footnoteref:[security-ml,The Git Security mailing list: git-security@googlegroups.com]
Before sending any patches, please note that patches that may be
security relevant should be submitted privately to the Git Security
mailing list{security-ml}, instead of the public mailing list.
Learn to use format-patch and send-email if possible. These commands
are optimized for the workflow of sending patches, avoiding many ways
your existing e-mail client that is optimized for "multipart/*" mime
@ -259,6 +265,13 @@ patch, format it as "multipart/signed", not a text/plain message
that starts with `-----BEGIN PGP SIGNED MESSAGE-----`. That is
not a text/plain, it's something else.
:security-ml-ref: footnoteref:[security-ml]
As mentioned at the beginning of the section, patches that may be
security relevant should not be submitted to the public mailing list
mentioned below, but should instead be sent privately to the Git
Security mailing list{security-ml-ref}.
Send your patch with "To:" set to the mailing list, with "cc:" listing
people who are involved in the area you are touching (the output from
`git blame $path` and `git shortlog --no-merges $path` would help to

View File

@ -36,6 +36,9 @@ the body to majordomo@vger.kernel.org. The mailing list archives are
available at <https://public-inbox.org/git/>,
<http://marc.info/?l=git> and other archival sites.
Issues which are security relevant should be disclosed privately to
the Git Security mailing list <git-security@googlegroups.com>.
The maintainer frequently sends the "What's cooking" reports that
list the current status of various development topics to the mailing
list. The discussion following them give a good reference for