forked from mirrors/jj
b6cac0c6aa
I've set up a jj-security@googlegroups.com list. The template comes from Google's internal web. I have no experience with GitHub's Security Advisory database, but it seems like a good practice, so let's use it.
7 lines
443 B
Markdown
7 lines
443 B
Markdown
To report a security issue, please
|
|
email [Jujutsu VCS Security](jj-security@googlegroups.com)
|
|
with a description of the issue, the steps you took to create the issue,
|
|
affected versions, and, if known, mitigations for the issue. Our vulnerability
|
|
management team will respond within 3 working days of your email. If the issue
|
|
is confirmed as a vulnerability, we will open a Security Advisory. This project
|
|
follows a 90 day disclosure timeline.
|