mkosi: Keep mkosi.default out of the repository.

[thirdparty/systemd.git] / docs / SECURITY.md

diff --git a/docs/SECURITY.md b/docs/SECURITY.md
index 93847dcd8eccbd0f15c9b70d14e926189d30f5a3..bd2915bab6095f569ed42d1ff71a447ff00d1a1c 100644 (file)
--- a/docs/SECURITY.md
+++ b/docs/SECURITY.md
@@ -1,7 +1,13 @@
 ---
-title: Reporting of security vulnerabilities
+title: Reporting of Security Vulnerabilities
+category: Contributing
+layout: default
 ---
 
-# Reporting of security vulnerabilities
+# Reporting of Security Vulnerabilities
 
-If you discover a security vulnerability, we'd appreciate a non-public disclosure. The [issue tracker](https://github.com/systemd/systemd/issues) and [systemd-devel mailing list](https://lists.freedesktop.org/mailman/listinfo/systemd-devel) are fully public. If you need to reach systemd developers in a non-public way, report the issue to the [systemd-security@redhat.com](mailto:systemd-security@redhat.com) mailing list. The disclosure will be coordinated with distributions.
+If you discover a security vulnerability, we'd appreciate a non-public disclosure. systemd developers can be contacted privately on the **[systemd-security@redhat.com](mailto:systemd-security@redhat.com) mailing list**. The disclosure will be coordinated with distributions.
+
+(The [issue tracker](https://github.com/systemd/systemd/issues) and [systemd-devel mailing list](https://lists.freedesktop.org/mailman/listinfo/systemd-devel) are fully public.)
+
+Subscription to the systemd-security mailing list is open to **regular systemd contributors and people working in the security teams of various distributions**. Those conditions should be backed by publicly accessible information (ideally, a track of posts and commits from the mail address in question). If you fall into one of those categories and wish to be subscribed, submit a **[subscription request](https://www.redhat.com/mailman/listinfo/systemd-security)**.