* doc/security.rdoc: Add note about reporting security vulns

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40574 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-05-03 22:21:34 +00:00 · 2013-05-03 22:21:34 +00:00 · 5835461b16
commit 5835461b16
parent b2580fb21d
2 changed files with 9 additions and 0 deletions
--- a/4
+++ b/4
@ -1,3 +1,7 @@
+Sat May  4 07:20:00 2013  Zachary Scott  <zachary@zacharyscott.net>
+
+	* doc/security.rdoc: Add note about reporting security vulns
+
 Sat May  4 04:13:27 2013  KOSAKI Motohiro  <kosaki.motohiro@gmail.com>

 	* include/ruby/defines.h (RUBY_ATTR_ALLOC_SIZE): New for
--- a/doc/security.rdoc
+++ b/doc/security.rdoc
@ -10,6 +10,11 @@ Please check the full list of publicly known CVEs and how to correctly report a
 security vulnerability, at: http://www.ruby-lang.org/en/security/
 Japanese version is here: http://www.ruby-lang.org/ja/security/

+Security vulnerabilities should be reported via an email to
+mailto:security@ruby-lang.org ({the PGP public
+key}[http://www.ruby-lang.org/security.asc]), which is a private mailing list.
+Reported problems will be published after fixes.
+
 == <code>$SAFE</code>

 Ruby provides a mechanism to restrict what operations can be performed by Ruby