ilyagr.bsky.social / jj
just playing with tangled
fork atom

SECURITY.md: insert an explicit URL

The previous "on this page" statement is wrong more often than not.
Unfortunately there is no "Report a vulnerability" button on
https://github.com/jj-vcs/jj/security/policy, and looking for such a
button from https://github.com/jj-vcs/jj?tab=security-ov-file leads to
confusion.

This is not the end of the world, but I don't see much security downside
to clarifying it (that is, I don't think *not* having a link protects
against phishing in any real way).

Ilya Grigoriev 6c2ad683 4ba316d9

options
unified split
Changed files
+6 -3
SECURITY.md
+6 -3
SECURITY.md
··· 1 1 To report a security issue, please use the "Report a vulnerability" button on 2 - this page. Our vulnerability management team will respond within 3 working days 3 - of your report. If the issue is confirmed as a vulnerability, we will open a 4 - Security Advisory. This project follows a 90 day disclosure timeline. 2 + GitHub's Security tab for `jj`'s main repo, under 3 + [Advisories](https://github.com/jj-vcs/jj/security/advisories). 4 + 5 + Our vulnerability management team will respond within 3 working days of your 6 + report. If the issue is confirmed as a vulnerability, we will open a Security 7 + Advisory. This project follows a 90 day disclosure timeline. 5 8 6 9 Feel free to email Jujutsu VCS Security at <jj-security@googlegroups.com> if you 7 10 have questions.