README, HACKING: add some brief notes on reporting security vulnerabilities

We now have a private mailing list that can be the security contact.
author: Simon McVittie <simon.mcvittie@collabora.co.uk> 2014-11-14 19:14:13 +0000
committer: Simon McVittie <simon.mcvittie@collabora.co.uk> 2014-11-14 19:14:13 +0000
commit: 34e5fdee4e5e43b8563e6e02b8bdc94c083b2f47 (patch)
tree: 96bb7635d3310786fb6eea365d2206926ef745b9 /HACKING
parent: 312274137b39dc63d079e7d85394a0ce28394a11 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/HACKING b/HACKING
index 8c993b66..2fed9e6c 100644
--- a/HACKING
+++ b/HACKING
@@ -11,6 +11,11 @@ of patches, etc. should go there.
 Security
 ===
 
+If you find a security vulnerability that is not known to the public,
+please report it privately to dbus-security@lists.freedesktop.org
+or by reporting a freedesktop.org bug that is marked as
+restricted to the "D-BUS security group".
+
 Most of D-Bus is security sensitive.  Guidelines related to that:
 
  - avoid memcpy(), sprintf(), strlen(), snprintf, strlcat(),
author	Simon McVittie <simon.mcvittie@collabora.co.uk>	2014-11-14 19:14:13 +0000
committer	Simon McVittie <simon.mcvittie@collabora.co.uk>	2014-11-14 19:14:13 +0000
commit	34e5fdee4e5e43b8563e6e02b8bdc94c083b2f47 (patch)
tree	96bb7635d3310786fb6eea365d2206926ef745b9 /HACKING
parent	312274137b39dc63d079e7d85394a0ce28394a11 (diff)