1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-22 13:33:56 +03:00

Merge pull request #13433 from keszybz/new-security-mailing-list

docs: new systemd-security mailing list
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2019-08-30 12:26:37 +02:00 committed by GitHub
commit 0cc0e2f65d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 13 additions and 2 deletions

4
NEWS
View File

@ -432,6 +432,10 @@ CHANGES WITH 243 in spe:
* IOWeight= has learnt to properly set the IO weight when using the * IOWeight= has learnt to properly set the IO weight when using the
BFQ scheduler officially found in kernels 5.0+. BFQ scheduler officially found in kernels 5.0+.
* A new mailing list has been created for reporting of security issues:
systemd-security@redhat.com. For mode details, see
https://systemd.io/CONTRIBUTING#security-vulnerability-reports.
Contributions from: Aaron Barany, Adrian Bunk, Alan Jenkins, Albrecht Contributions from: Aaron Barany, Adrian Bunk, Alan Jenkins, Albrecht
Lohofener, Andrej Valek, Anita Zhang, Arian van Putten, Balint Reczey, Lohofener, Andrej Valek, Anita Zhang, Arian van Putten, Balint Reczey,
Bastien Nocera, Ben Boeckel, Benjamin Robin, camoz, Chen Qi, Chris Bastien Nocera, Ben Boeckel, Benjamin Robin, camoz, Chen Qi, Chris

View File

@ -8,7 +8,7 @@ We welcome contributions from everyone. However, please follow the following gui
## Filing Issues ## Filing Issues
* We use GitHub Issues **exclusively** for tracking **bugs** and **feature** **requests** of systemd. If you are looking for help, please contact our [mailing list](https://lists.freedesktop.org/mailman/listinfo/systemd-devel) instead. * We use [GitHub Issues](https://github.com/systemd/systemd/issues) **exclusively** for tracking **bugs** and **feature** **requests** of systemd. If you are looking for help, please contact [systemd-devel mailing list](https://lists.freedesktop.org/mailman/listinfo/systemd-devel) instead.
* We only track bugs in the **two** **most** **recently** **released** **versions** of systemd in the GitHub Issue tracker. If you are using an older version of systemd, please contact your distribution's bug tracker instead. * We only track bugs in the **two** **most** **recently** **released** **versions** of systemd in the GitHub Issue tracker. If you are using an older version of systemd, please contact your distribution's bug tracker instead.
* When filing an issue, specify the **systemd** **version** you are experiencing the issue with. Also, indicate which **distribution** you are using. * When filing an issue, specify the **systemd** **version** you are experiencing the issue with. Also, indicate which **distribution** you are using.
* Please include an explanation how to reproduce the issue you are pointing out. * Please include an explanation how to reproduce the issue you are pointing out.
@ -23,7 +23,7 @@ For older versions that are still supported by your distribution please use resp
## Security vulnerability reports ## Security vulnerability reports
If you discover a security vulnerability, we'd appreciate a non-public disclosure. The issue tracker and mailing list listed above are fully public. If you need to reach systemd developers in a non-public way, report the issue in one of the "big" distributions using systemd: [Fedora](https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=systemd) (be sure to check "Security Sensitive Bug" under "Show Advanced Fields"), [Ubuntu](https://launchpad.net/ubuntu/+source/systemd/+filebug) (be sure to change "This bug contains information that is" from "Public" to "Private Security"), or [Debian](mailto:security@debian.org). Various systemd developers are active distribution maintainers and will propagate the information about the bug to other parties. See [reporting of security vulnerabilities](SECURITY.md).
## Posting Pull Requests ## Posting Pull Requests

7
docs/SECURITY.md Normal file
View File

@ -0,0 +1,7 @@
---
title: Reporting of security vulnerabilities
---
# Reporting of security vulnerabilities
If you discover a security vulnerability, we'd appreciate a non-public disclosure. The [issue tracker](https://github.com/systemd/systemd/issues) and [systemd-devel mailing list](https://lists.freedesktop.org/mailman/listinfo/systemd-devel) are fully public. If you need to reach systemd developers in a non-public way, report the issue to the [systemd-security@redhat.com](mailto:systemd-security@redhat.com) mailing list. The disclosure will be coordinated with distributions.