cybercyst/jj
1
0
Fork 0
mirror of https://github.com/martinvonz/jj.git synced 2025-05-05 15:32:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

SECURITY.md: insert an explicit URL

Browse Source 
The previous "on this page" statement is wrong more often than not.
Unfortunately there is no "Report a vulnerability" button on
https://github.com/jj-vcs/jj/security/policy, and looking for such a
button from https://github.com/jj-vcs/jj?tab=security-ov-file leads to
confusion.

This is not the end of the world, but I don't see much security downside
to clarifying it (that is, I don't think *not* having a link protects
against phishing in any real way).
This commit is contained in:
Ilya Grigoriev 2025-01-27 23:43:20 -08:00
parent 4ba316d9f7
commit 6c2ad68330
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
SECURITY.md
View File

@ -1,7 +1,10 @@
To report a security issue, please use the "Report a vulnerability" button on
this page. Our vulnerability management team will respond within 3 working days
of your report. If the issue is confirmed as a vulnerability, we will open a
Security Advisory. This project follows a 90 day disclosure timeline.
GitHub's Security tab for `jj`'s main repo, under
[Advisories](https://github.com/jj-vcs/jj/security/advisories).
Our vulnerability management team will respond within 3 working days of your
report. If the issue is confirmed as a vulnerability, we will open a Security
Advisory. This project follows a 90 day disclosure timeline.
Feel free to email Jujutsu VCS Security at <jj-security@googlegroups.com> if you
have questions.