Add a mention of the security mailing list to the README.
2caa7b8d27 ("git manpage: note [email protected]",
2018-03-08) already added it to the man page, but I suspect that for
many developers, such as myself, the README would be the first place
to go looking for it.Use the same wording as we already have on the git-scm.com website and in the man page. Signed-off-by: Thomas Gummerer <[email protected]> --- 2caa7b8d27 ("git manpage: note [email protected]", 2018-03-08) also mentions SubmittingPatches, but I think people are much more likely to submit a report of a security issue first, rather than sending a patch, for which I think the README is more useful. README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index f17af66a97..f920a42fad 100644 --- a/README.md +++ b/README.md @@ -36,6 +36,9 @@ the body to [email protected]. The mailing list archives are available at <https://public-inbox.org/git/>, <http://marc.info/?l=git> and other archival sites. +Issues which are security relevant should be disclosed privately to +the Git Security mailing list <[email protected]>. + The maintainer frequently sends the "What's cooking" reports that list the current status of various development topics to the mailing list. The discussion following them give a good reference for -- 2.17.0.921.gf22659ad46
