From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8196BC38A2D for ; Tue, 25 Oct 2022 00:40:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229851AbiJYAkw (ORCPT ); Mon, 24 Oct 2022 20:40:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34086 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230157AbiJYAkh (ORCPT ); Mon, 24 Oct 2022 20:40:37 -0400 Received: from pb-smtp20.pobox.com (pb-smtp20.pobox.com [173.228.157.52]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A75AF72FD3 for ; Mon, 24 Oct 2022 16:08:54 -0700 (PDT) Received: from pb-smtp20.pobox.com (unknown [127.0.0.1]) by pb-smtp20.pobox.com (Postfix) with ESMTP id 594E81CC067; Mon, 24 Oct 2022 19:08:51 -0400 (EDT) (envelope-from junio@pobox.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=pobox.com; h=from:to:cc :subject:references:date:in-reply-to:message-id:mime-version :content-type; s=sasl; bh=VHdmmWE90jD9UH6c7xaUQiRUyPQBwma5MDvoy1 uynpo=; b=k36AGDC063xsPnY6EWsOrYNuE1ecOzkHzv89wKByduFFeS92oTXSB3 ykK4yt10kyxh3pcUnpjPwFLcotsipcduA8TR3AG4DvsWiIktBkrAJ0JE6tH5JlrY +9Px/0U1ueqZZGCuYQlBBhnOpIg2MeLvwthC0asCd7zO83A3C4/DA= Received: from pb-smtp20.sea.icgroup.com (unknown [127.0.0.1]) by pb-smtp20.pobox.com (Postfix) with ESMTP id 5254F1CC066; Mon, 24 Oct 2022 19:08:51 -0400 (EDT) (envelope-from junio@pobox.com) Received: from pobox.com (unknown [34.83.5.33]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pb-smtp20.pobox.com (Postfix) with ESMTPSA id 81DB11CC065; Mon, 24 Oct 2022 19:08:48 -0400 (EDT) (envelope-from junio@pobox.com) From: Junio C Hamano To: "Julia Ramer via GitGitGadget" Cc: git@vger.kernel.org, git-security@googlegroups.com, Johannes Schindelin , Julia Ramer , Keanen Wold , Veronica Giaudrone , Bri Brothers , Taylor Blau , Julia Ramer Subject: Re: [PATCH v4] embargoed releases: also describe the git-security list and the process References: Date: Mon, 24 Oct 2022 16:08:47 -0700 In-Reply-To: (Julia Ramer via GitGitGadget's message of "Mon, 24 Oct 2022 22:07:19 +0000") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Pobox-Relay-ID: D134A792-53F0-11ED-AC83-C2DA088D43B2-77302942!pb-smtp20.pobox.com Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org "Julia Ramer via GitGitGadget" writes: > From: Julia Ramer > > With the recent turnover on the git-security list, questions came up how > things are usually run. Rather than answering questions individually, > extend Git's existing documentation about security vulnerabilities to > describe the git-security mailing list, how things are run on that list, > and what to expect throughout the process from the time a security bug > is reported all the way to the time when a fix is released. > > Helped-by: Junio C Hamano > Helped-by: Taylor Blau > Signed-off-by: Julia Ramer > --- > embargoed releases: also describe the git-security list and the process > > Changes since v3: > > * minor formatting corrections > * clarified the language based on v3 feedback Thanks, this version I am happy with.