Re: [PATCH v2 2/2] note git-secur...@googlegroups.com in more places
On 05/30, brian m. carlson wrote:
> On Wed, May 30, 2018 at 09:52:55PM +0100, Thomas Gummerer wrote:
> > Add a mention of the security mailing list to the README, and to
> > Documentation/SubmittingPatches.. 2caa7b8d27 ("git manpage: note
> > git-secur...@googlegroups.com", 2018-03-08) already added it to the
> > man page, but for developers either the README, or the documentation
> > on how to contribute (SubmittingPatches) may be the first place to
> > look.
> >
> > Use the same wording as we already have on the git-scm.com website and
> > in the man page for the README, while the wording is adjusted in
> > SubmittingPatches to match the surrounding document better.
> >
> > Signed-off-by: Thomas Gummerer
> > ---
> > Documentation/SubmittingPatches | 13 +
> > README.md | 3 +++
> > 2 files changed, 16 insertions(+)
> >
> > diff --git a/Documentation/SubmittingPatches
> > b/Documentation/SubmittingPatches
> > index 27553128f5..c8f9deb391 100644
> > --- a/Documentation/SubmittingPatches
> > +++ b/Documentation/SubmittingPatches
> > @@ -176,6 +176,12 @@ that is fine, but please mark it as such.
> > [[send-patches]]
> > === Sending your patches.
> >
> > +:security-ml: footnoteref:[security-ml,The Git Security mailing list:
> > git-secur...@googlegroups.com]
> > +
> > +Before sending any patches, please note that patches that may be
> > +security relevant should be submitted privately to the Git Security
> > +mailing list{security-ml}, instead of the public mailing list.
> > +
> > Learn to use format-patch and send-email if possible. These commands
> > are optimized for the workflow of sending patches, avoiding many ways
> > your existing e-mail client that is optimized for "multipart/*" mime
> > @@ -259,6 +265,13 @@ patch, format it as "multipart/signed", not a
> > text/plain message
> > that starts with `-BEGIN PGP SIGNED MESSAGE-`. That is
> > not a text/plain, it's something else.
> >
> > +:security-ml-ref: footnoteref:[security-ml]
>
> My only feedback here is that using the footnoteref syntax to refer to
> the previous footnote potentially makes this a little less readable for
> plain text users, although it also reduces duplication. I'm not sure I
> feel strongly one way or the other on this.
Yeah, using the plain footnote syntax we end up with two footnotes
that are exactly the same, which felt a little awkward. But I don't
feel strongly either, so if the consensus is to duplicate the footnote
for better readability in plain text I'm happy to change that.
To really improve the readability we'd probably have to duplicate the
attribute as well, which I wanted to avoid (altough it's not
completely possible with the footnoteref syntax either).
> Otherwise, this looked fine to me.
> --
> brian m. carlson: Houston, Texas, US
> OpenPGP: https://keybase.io/bk2204
Re: [PATCH v2 2/2] note git-secur...@googlegroups.com in more places
On Wed, May 30, 2018 at 09:52:55PM +0100, Thomas Gummerer wrote:
> Add a mention of the security mailing list to the README, and to
> Documentation/SubmittingPatches.. 2caa7b8d27 ("git manpage: note
> git-secur...@googlegroups.com", 2018-03-08) already added it to the
> man page, but for developers either the README, or the documentation
> on how to contribute (SubmittingPatches) may be the first place to
> look.
>
> Use the same wording as we already have on the git-scm.com website and
> in the man page for the README, while the wording is adjusted in
> SubmittingPatches to match the surrounding document better.
>
> Signed-off-by: Thomas Gummerer
> ---
> Documentation/SubmittingPatches | 13 +
> README.md | 3 +++
> 2 files changed, 16 insertions(+)
>
> diff --git a/Documentation/SubmittingPatches b/Documentation/SubmittingPatches
> index 27553128f5..c8f9deb391 100644
> --- a/Documentation/SubmittingPatches
> +++ b/Documentation/SubmittingPatches
> @@ -176,6 +176,12 @@ that is fine, but please mark it as such.
> [[send-patches]]
> === Sending your patches.
>
> +:security-ml: footnoteref:[security-ml,The Git Security mailing list:
> git-secur...@googlegroups.com]
> +
> +Before sending any patches, please note that patches that may be
> +security relevant should be submitted privately to the Git Security
> +mailing list{security-ml}, instead of the public mailing list.
> +
> Learn to use format-patch and send-email if possible. These commands
> are optimized for the workflow of sending patches, avoiding many ways
> your existing e-mail client that is optimized for "multipart/*" mime
> @@ -259,6 +265,13 @@ patch, format it as "multipart/signed", not a text/plain
> message
> that starts with `-BEGIN PGP SIGNED MESSAGE-`. That is
> not a text/plain, it's something else.
>
> +:security-ml-ref: footnoteref:[security-ml]
My only feedback here is that using the footnoteref syntax to refer to
the previous footnote potentially makes this a little less readable for
plain text users, although it also reduces duplication. I'm not sure I
feel strongly one way or the other on this.
Otherwise, this looked fine to me.
--
brian m. carlson: Houston, Texas, US
OpenPGP: https://keybase.io/bk2204
signature.asc
Description: PGP signature
[PATCH v2 2/2] note git-secur...@googlegroups.com in more places
Add a mention of the security mailing list to the README, and to
Documentation/SubmittingPatches.. 2caa7b8d27 ("git manpage: note
git-secur...@googlegroups.com", 2018-03-08) already added it to the
man page, but for developers either the README, or the documentation
on how to contribute (SubmittingPatches) may be the first place to
look.
Use the same wording as we already have on the git-scm.com website and
in the man page for the README, while the wording is adjusted in
SubmittingPatches to match the surrounding document better.
Signed-off-by: Thomas Gummerer
---
Documentation/SubmittingPatches | 13 +
README.md | 3 +++
2 files changed, 16 insertions(+)
diff --git a/Documentation/SubmittingPatches b/Documentation/SubmittingPatches
index 27553128f5..c8f9deb391 100644
--- a/Documentation/SubmittingPatches
+++ b/Documentation/SubmittingPatches
@@ -176,6 +176,12 @@ that is fine, but please mark it as such.
[[send-patches]]
=== Sending your patches.
+:security-ml: footnoteref:[security-ml,The Git Security mailing list:
git-secur...@googlegroups.com]
+
+Before sending any patches, please note that patches that may be
+security relevant should be submitted privately to the Git Security
+mailing list{security-ml}, instead of the public mailing list.
+
Learn to use format-patch and send-email if possible. These commands
are optimized for the workflow of sending patches, avoiding many ways
your existing e-mail client that is optimized for "multipart/*" mime
@@ -259,6 +265,13 @@ patch, format it as "multipart/signed", not a text/plain
message
that starts with `-BEGIN PGP SIGNED MESSAGE-`. That is
not a text/plain, it's something else.
+:security-ml-ref: footnoteref:[security-ml]
+
+As mentioned at the beginning of the section, patches that may be
+security relevant should not be submitted to the public mailing list
+mentioned below, but should instead be sent privately to the Git
+Security mailing list{security-ml-ref}.
+
Send your patch with "To:" set to the mailing list, with "cc:" listing
people who are involved in the area you are touching (the `git
contacts` command in `contrib/contacts/` can help to
diff --git a/README.md b/README.md
index f17af66a97..f920a42fad 100644
--- a/README.md
+++ b/README.md
@@ -36,6 +36,9 @@ the body to majord...@vger.kernel.org. The mailing list
archives are
available at and other archival sites.
+Issues which are security relevant should be disclosed privately to
+the Git Security mailing list .
+
The maintainer frequently sends the "What's cooking" reports that
list the current status of various development topics to the mailing
list. The discussion following them give a good reference for
--
2.17.0.1181.g093e983b0
