docs: link to security.libvirt.org website

We forgot to tell anyone that we were publishing security notices
online at https://security.libvirt.org

Reviewed-by: Laine Stump <laine@laine.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

diff --git a/docs/securityprocess.html.in b/docs/securityprocess.html.in
index 2bab07bf3964a28e7ebe3034741b0b8cbc4f56ba..adf30259b0e7023afd1bbf1602be31665d277fd7 100644 (file)
--- a/docs/securityprocess.html.in
+++ b/docs/securityprocess.html.in
@@ -37,6 +37,19 @@
       moderator and the reporter copied on any replies.
     </p>
 
+    <h2><a id="secnotice">Security notices</a></h2>
+
+    <p>
+      Information for all historical security issues is maintained in
+      machine parsable format in the
+      <a href="https://libvirt.org/git/?p=libvirt-security-notice.git;a=log">libvirt-security-notice GIT repository</a> and
+      <a href="https://security.libvirt.org">published online</a>
+      in text, HTML and XML formats. Security notices are published
+      on the <a href="https://libvirt.org/contact.html#email">libvirt-announce mailing list</a>
+      when any embargo is lifted, or as soon as triaged if already
+      public knowledge.
+    </p>
+
     <h2><a id="seclist">Security team</a></h2>
 
     <p>
@@ -102,12 +115,5 @@
       will be responsible for backporting the officially published fixes to
       other release branches where applicable.
     </p>
-
-    <h2><a id="notification">Notification of issues</a></h2>
-
-    <p>
-      When an embargo expires, security issues will be announced on both
-      the libvirt development and announcement <a href="https://libvirt.org/contact.html#email">mailing lists</a>.
-    </p>
   </body>
 </html>