From: Luca Boccassi Date: Tue, 17 Mar 2026 18:26:04 +0000 (+0000) Subject: docs: update security policy to suggest GH advisories X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3236700a675cf4052bdef9b58ec0dd3d61b29f7c;p=thirdparty%2Fsystemd.git docs: update security policy to suggest GH advisories --- diff --git a/docs/SECURITY.md b/docs/SECURITY.md index f9f2e91ad68..0993f85da2b 100644 --- a/docs/SECURITY.md +++ b/docs/SECURITY.md 
@@ -8,11 +8,13 @@ SPDX-License-Identifier: LGPL-2.1-or-later # Reporting of Security Vulnerabilities If you discover a security vulnerability, we'd appreciate a non-public disclosure. -systemd developers can be contacted privately on the **[systemd-security@redhat.com](mailto:systemd-security@redhat.com) mailing list**. +systemd developers can be contacted privately by creating a new **[Security Advisory on GitHub](https://github.com/systemd/systemd/security/advisories/new)** +or via the **[systemd-security@redhat.com](mailto:systemd-security@redhat.com) mailing list**. The disclosure will be coordinated with distributions. (The [issue tracker](https://github.com/systemd/systemd/issues) and [systemd-devel mailing list](https://lists.freedesktop.org/mailman/listinfo/systemd-devel) are fully public.) -Subscription to the systemd-security mailing list is open to **regular systemd contributors and people working in the security teams of various distributions**. +Subscription to the Security Advisories and/or systemd-security mailing list is open to **regular systemd contributors and people working in the security teams of various distributions**. Those conditions should be backed by publicly accessible information (ideally, a track of posts and commits from the mail address in question). -If you fall into one of those categories and wish to be subscribed, submit a **[subscription request](https://www.redhat.com/mailman/listinfo/systemd-security)**. +If you fall into one of those categories and wish to be subscribed, +contact the maintainers or submit a **[subscription request](https://www.redhat.com/mailman/listinfo/systemd-security)**.
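Review bot: The reworded subscription paragraph ("Subscription to the Security Advisories and/or systemd-security mailing list is open to ...") treats the two channels as one thing to subscribe to, and the last added line ("contact the maintainers or submit a subscription request") does not say which action applies to which channel or how the maintainers should be reached. Since the same section notes that the issue tracker and systemd-devel are fully public, a reader could end up asking for access in a public place. Consider splitting it into two sentences: one stating that access to the GitHub Security Advisories is requested by contacting the maintainers, naming the private channel to use, and one stating that the mailing list is joined through the existing subscription request link. It would also help to say whether the eligibility criteria and the "publicly accessible information" requirement apply identically to both channels.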