diff options
Diffstat (limited to 'docs/SECURITY.md')
-rw-r--r-- | docs/SECURITY.md | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/docs/SECURITY.md b/docs/SECURITY.md new file mode 100644 index 0000000000..a44b90de89 --- /dev/null +++ b/docs/SECURITY.md @@ -0,0 +1,14 @@ +--- +title: Reporting of Security Vulnerabilities +category: Contributing +layout: default +SPDX-License-Identifier: LGPL-2.1-or-later +--- + +# Reporting of Security Vulnerabilities + +If you discover a security vulnerability, we'd appreciate a non-public disclosure. systemd developers can be contacted privately on the **[systemd-security@redhat.com](mailto:systemd-security@redhat.com) mailing list**. The disclosure will be coordinated with distributions. + +(The [issue tracker](https://github.com/systemd/systemd/issues) and [systemd-devel mailing list](https://lists.freedesktop.org/mailman/listinfo/systemd-devel) are fully public.) + +Subscription to the systemd-security mailing list is open to **regular systemd contributors and people working in the security teams of various distributions**. Those conditions should be backed by publicly accessible information (ideally, a track of posts and commits from the mail address in question). If you fall into one of those categories and wish to be subscribed, submit a **[subscription request](https://www.redhat.com/mailman/listinfo/systemd-security)**. |