Home Explore Help
Register Sign In
Apq
/
Docker-official-images
mirror of https://github.com/docker-library/official-images.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Update security issues documentation (and add new "SECURITY.md")

Tianon Gravi 3 years ago
parent
e4d779a6eb
commit
caba02d1b2
2 changed files with 10 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      README.md
  2. 9 0
      SECURITY.md

+ 1 - 1
README.md
View File 

@@ -305,7 +305,7 @@ Official Repositories that require additional privileges should specify the mini
 
 
 For image updates which constitute a security fix, there are a few things we recommend to help ensure your update is merged, built, and released as quickly as possible:
 
 
-1.	[Contact us](MAINTAINERS) a few days in advance to give us a heads up and a timing estimate (so we can schedule time for the incoming update appropriately).
 
+1.	[Send an email to `[email protected]`](mailto:[email protected]) a few (business) days in advance to give us a heads up and a timing estimate (so we can schedule time for the incoming update appropriately).
 
 2.	Include `[security]` in the title of your pull request (for example, `[security] Update FooBar to 1.2.5, 1.3.7, 2.0.1`).
 
 3.	Keep the pull request free of changes that are unrelated to the security fix -- we'll still be doing review of the update, but it will be expedited so this will help us help you.
 
 4.	Be active and responsive to comments on the pull request after it's opened (as usual, but even more so if the timing of the release is of importance).

+ 9 - 0
SECURITY.md
View File 

@@ -0,0 +1,9 @@
 
+# Security Policy
 
+
 
+If you believe you have found a security vulnerability, please make every effort to report it to the appropriate maintainers responsibly so that it can be fixed discreetly (also known as "embargo").
 
+
 
+When the issue relates to a specific image, please make an effort to (privately) contact the maintainers of that specific image.  Some maintainers publish/maintain a `SECRUITY.md` in their GitHub repository, for example, which can be a great place to find information about how to report an issue appropriately.
 
+
 
+For issues related to anything maintained under [@docker-library on GitHub](https://github.com/docker-library) or associated infrastructure, please [send an email to `[email protected]`](mailto:[email protected]).
 
+
 
+Image maintainers should also be aware of the ["Security Releases" section of the maintainer documentation](https://github.com/docker-library/official-images#security-releases) for pre-notifying the project maintainers of upcoming security-related releases.