please report security issues to the vim-security list

Signed-off-by: Christian Brabandt <cb@256bit.org>

diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
index 3c974209309ca52dbae4420990cec732aa3670e4..d1acf94df1ae9eea000c5fd92494e9dfdcf470df 100644 (file)
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -9,8 +9,10 @@ body:
       value: |
         Thanks for reporting issues of Vim!
 
-        If you want to report a security issue, instead of reporting it here
-        please disclose it privately to cb@256bit.org
+        If you want to report a security issue, instead of reporting it here publicly,
+        please disclose it privately via mail to vim-security@googlegroups.com.
+        (It's a private list read only by the maintainers,
+        but anybody can post, after moderation.)
         
         To make it easier for us to help you please enter detailed information below.
   - type: textarea

diff --git a/SECURITY.md b/SECURITY.md
index 67548bb00d84b53d82c53ed9bdf86fc7168f8027..7d1e0166c9c19379b3dfcfbe79a7628aa68e2cd2 100644 (file)
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -2,6 +2,9 @@
 
 ## Reporting a vulnerability
 
-If you want to report a security issue, please privately disclose the issue to the current maintainer cb@256bit.org
+If you want to report a security issue, please privately disclose the issue to the vim-security mailing list
+vim-security@googlegroups.com
+
+This is a private list, read only by the maintainers, but anybody can post, after moderation.
 
 **Please don't publicly disclose the issue until it has been addressed by us.**