Thomas Gummerer wrote: > Add a mention of the security mailing list to the README. > 2caa7b8d27 ("git manpage: note git-secur...@googlegroups.com", > 2018-03-08) already added it to the man page, but I suspect that for > many developers, such as myself, the README would be the first place > to go looking for it. > > Use the same wording as we already have on the git-scm.com website and > in the man page. > > Signed-off-by: Thomas Gummerer <t.gumme...@gmail.com> > --- > README.md | 3 +++ > 1 file changed, 3 insertions(+)
Reviewed-by: Jonathan Nieder <jrnie...@gmail.com> > 2caa7b8d27 ("git manpage: note git-secur...@googlegroups.com", > 2018-03-08) also mentions SubmittingPatches, but I think people are > much more likely to submit a report of a security issue first, rather > than sending a patch, for which I think the README is more useful. I don't see a mention of SubmittingPatches in "git show 2caa7b8d27" output. git help git tells me: Report bugs to the Git mailing list <git@vger.kernel.org> where the development and maintenance is primarily done. You do not have to be subscribed to the list to send a message there. Issues which are security relevant should be disclosed privately to the Git Security mailing list <git-secur...@googlegroups.com>. Do you mean that the discussion around that change suggested updating SubmittingPatches too? The "Sending your patches" section indeed mentions git@vger.kernel.org, so a mention of the security list would indeed be welcome there, even though typically the discussion has already started there before a patch is written. Thanks, Jonathan