
Update security issues documentation (and add new "SECURITY.md")

Tianon Gravi, 3 years ago
parent
commit
caba02d1b2
2 changed files with 10 additions and 1 deletion
  1. +1 -1 README.md
  2. +9 -0 SECURITY.md

+ 1 - 1
README.md

@@ -305,7 +305,7 @@ Official Repositories that require additional privileges should specify the mini
 
 For image updates which constitute a security fix, there are a few things we recommend to help ensure your update is merged, built, and released as quickly as possible:
 
-1.	[Contact us](MAINTAINERS) a few days in advance to give us a heads up and a timing estimate (so we can schedule time for the incoming update appropriately).
+1.	[Send an email to `[email protected]`](mailto:[email protected]) a few (business) days in advance to give us a heads up and a timing estimate (so we can schedule time for the incoming update appropriately).
 2.	Include `[security]` in the title of your pull request (for example, `[security] Update FooBar to 1.2.5, 1.3.7, 2.0.1`).
 3.	Keep the pull request free of changes that are unrelated to the security fix -- we'll still be doing review of the update, but it will be expedited so this will help us help you.
 4.	Be active and responsive to comments on the pull request after it's opened (as usual, but even more so if the timing of the release is of importance).
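Review bot: this hunk only swaps the `[Contact us](MAINTAINERS)` link for a mailto, but the README never mentions the new `SECURITY.md` that this same commit introduces, while `SECURITY.md` links back to this "Security Releases" section; consider adding a one-line pointer here (e.g. "See also `SECURITY.md` for how to report vulnerabilities") so the two documents cross-reference each other, and write "a few business days" rather than the parenthetical "(business)" so the expected lead time is unambiguous.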

+ 9 - 0
SECURITY.md

@@ -0,0 +1,9 @@
+# Security Policy
+
+If you believe you have found a security vulnerability, please make every effort to report it to the appropriate maintainers responsibly so that it can be fixed discreetly (also known as "embargo").
+
+When the issue relates to a specific image, please make an effort to (privately) contact the maintainers of that specific image.  Some maintainers publish/maintain a `SECRUITY.md` in their GitHub repository, for example, which can be a great place to find information about how to report an issue appropriately.
+
+For issues related to anything maintained under [@docker-library on GitHub](https://github.com/docker-library) or associated infrastructure, please [send an email to `[email protected]`](mailto:[email protected]).
+
+Image maintainers should also be aware of the ["Security Releases" section of the maintainer documentation](https://github.com/docker-library/official-images#security-releases) for pre-notifying the project maintainers of upcoming security-related releases.
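Review bot: the filename in the line "Some maintainers publish/maintain a `SECRUITY.md` in their GitHub repository" is misspelled; it should read `SECURITY.md`, which matters here because readers are being told what file to look for in other repositories, and the misspelled name will not match what GitHub recognizes as a security policy. In the same hunk, the opening sentence attaches "(also known as "embargo")" to the reporting process rather than to the period during which the fix is kept private; rewording to "so that it can be fixed discreetly before public disclosure (an embargo)" would make the term land where it belongs.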