From: Simon McVittie <smcv@collabora.com>
Date: Tue, 6 Jun 2023 09:41:35 +0000 (+0100)
Subject: README: Mention not opening merge requests for security issues
X-Git-Tag: dbus-1.15.6~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=803e8aff8eb53a98713abfdc127107ae2ee8e655;p=thirdparty%2Fdbus.git

README: Mention not opening merge requests for security issues

The dbus maintainers can open confidential merge requests by using a
private git repository, but other contributors (including most security
researchers) cannot, so the safest simple recommendation is no merge
requests.

Signed-off-by: Simon McVittie <smcv@collabora.com>
---

diff --git a/README b/README
index 330883d26..f83ab6f0e 100644
--- a/README
+++ b/README
@@ -38,6 +38,9 @@ please report it privately to dbus-security@lists.freedesktop.org
 or by reporting a Gitlab issue at
 https://gitlab.freedesktop.org/dbus/dbus/issues/new and marking it
 as "confidential".
+Please do not open merge requests for security issues: if you have a
+proposed patch, it can be discussed on the confidential issue or by
+private email.
 
 On Unix systems, the system bus (dbus-daemon --system) is designed
 to be a security boundary between users with different privileges.