summaryrefslogtreecommitdiff
path: root/Documentation/SubmittingPatches
diff options
context:
space:
mode:
authorLibravatar Thomas Gummerer <t.gummerer@gmail.com>2018-05-30 21:52:55 +0100
committerLibravatar Junio C Hamano <gitster@pobox.com>2018-06-01 09:24:11 +0900
commit2a00502b14cd88299c8e69abcedf8aadcfaaaa6e (patch)
treeeadf2b7b2bc0c7a801968ff786933bfd301aba8a /Documentation/SubmittingPatches
parentSubmittingPatches: replace numbered attributes with names (diff)
downloadtgif-2a00502b14cd88299c8e69abcedf8aadcfaaaa6e.tar.xz
note git-security@googlegroups.com in more places
Add a mention of the security mailing list to the README, and to Documentation/SubmittingPatches.. 2caa7b8d27 ("git manpage: note git-security@googlegroups.com", 2018-03-08) already added it to the man page, but for developers either the README, or the documentation on how to contribute (SubmittingPatches) may be the first place to look. Use the same wording as we already have on the git-scm.com website and in the man page for the README, while the wording is adjusted in SubmittingPatches to match the surrounding document better. Signed-off-by: Thomas Gummerer <t.gummerer@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'Documentation/SubmittingPatches')
-rw-r--r--Documentation/SubmittingPatches13
1 files changed, 13 insertions, 0 deletions
diff --git a/Documentation/SubmittingPatches b/Documentation/SubmittingPatches
index 822d24741e..e61c9d5881 100644
--- a/Documentation/SubmittingPatches
+++ b/Documentation/SubmittingPatches
@@ -176,6 +176,12 @@ that is fine, but please mark it as such.
[[send-patches]]
=== Sending your patches.
+:security-ml: footnoteref:[security-ml,The Git Security mailing list: git-security@googlegroups.com]
+
+Before sending any patches, please note that patches that may be
+security relevant should be submitted privately to the Git Security
+mailing list{security-ml}, instead of the public mailing list.
+
Learn to use format-patch and send-email if possible. These commands
are optimized for the workflow of sending patches, avoiding many ways
your existing e-mail client that is optimized for "multipart/*" mime
@@ -259,6 +265,13 @@ patch, format it as "multipart/signed", not a text/plain message
that starts with `-----BEGIN PGP SIGNED MESSAGE-----`. That is
not a text/plain, it's something else.
+:security-ml-ref: footnoteref:[security-ml]
+
+As mentioned at the beginning of the section, patches that may be
+security relevant should not be submitted to the public mailing list
+mentioned below, but should instead be sent privately to the Git
+Security mailing list{security-ml-ref}.
+
Send your patch with "To:" set to the mailing list, with "cc:" listing
people who are involved in the area you are touching (the output from
`git blame $path` and `git shortlog --no-merges $path` would help to