On Wed, May 30, 2018 at 09:52:55PM +0100, Thomas Gummerer wrote: > Add a mention of the security mailing list to the README, and to > Documentation/SubmittingPatches.. 2caa7b8d27 ("git manpage: note > git-security@googlegroups.com", 2018-03-08) already added it to the > man page, but for developers either the README, or the documentation > on how to contribute (SubmittingPatches) may be the first place to > look. > > Use the same wording as we already have on the git-scm.com website and > in the man page for the README, while the wording is adjusted in > SubmittingPatches to match the surrounding document better. > > Signed-off-by: Thomas Gummerer > --- > Documentation/SubmittingPatches | 13 +++++++++++++ > README.md | 3 +++ > 2 files changed, 16 insertions(+) > > diff --git a/Documentation/SubmittingPatches b/Documentation/SubmittingPatches > index 27553128f5..c8f9deb391 100644 > --- a/Documentation/SubmittingPatches > +++ b/Documentation/SubmittingPatches > @@ -176,6 +176,12 @@ that is fine, but please mark it as such. > [[send-patches]] > === Sending your patches. > > +:security-ml: footnoteref:[security-ml,The Git Security mailing list: git-security@googlegroups.com] > + > +Before sending any patches, please note that patches that may be > +security relevant should be submitted privately to the Git Security > +mailing list{security-ml}, instead of the public mailing list. > + > Learn to use format-patch and send-email if possible. These commands > are optimized for the workflow of sending patches, avoiding many ways > your existing e-mail client that is optimized for "multipart/*" mime > @@ -259,6 +265,13 @@ patch, format it as "multipart/signed", not a text/plain message > that starts with `-----BEGIN PGP SIGNED MESSAGE-----`. That is > not a text/plain, it's something else. > > +:security-ml-ref: footnoteref:[security-ml] My only feedback here is that using the footnoteref syntax to refer to the previous footnote potentially makes this a little less readable for plain text users, although it also reduces duplication. I'm not sure I feel strongly one way or the other on this. Otherwise, this looked fine to me. -- brian m. carlson: Houston, Texas, US OpenPGP: https://keybase.io/bk2204