systemd/docs/SECURITY.md
2024-03-27 07:12:01 +01:00

1.1 KiB

title category layout SPDX-License-Identifier
Reporting of Security Vulnerabilities Contributing default LGPL-2.1-or-later

Reporting of Security Vulnerabilities

If you discover a security vulnerability, we'd appreciate a non-public disclosure. systemd developers can be contacted privately on the systemd-security@redhat.com mailing list. The disclosure will be coordinated with distributions.

(The issue tracker and systemd-devel mailing list are fully public.)

Subscription to the systemd-security mailing list is open to regular systemd contributors and people working in the security teams of various distributions. Those conditions should be backed by publicly accessible information (ideally, a track of posts and commits from the mail address in question). If you fall into one of those categories and wish to be subscribed, submit a subscription request.