SECURITY.md: note on where to report security bugs

Part-of: <https://gitlab.gnome.org/GNOME/librsvg/-/merge_requests/706>
author: Federico Mena Quintero <federico@gnome.org> 2022-06-10 14:49:32 -0500
committer: Federico Mena Quintero <federico@gnome.org> 2022-06-10 14:50:53 -0500
commit: a8bb0f7cf7b3f5055c1f8775c51495b11eabaa28 (patch)
tree: 58e27c5685d79858c011ce3d760afd19a626345a /SECURITY.md
parent: 112bd8db142b4bac191a1ba8b529f70de152f7c5 (diff)
download: librsvg-a8bb0f7cf7b3f5055c1f8775c51495b11eabaa28.tar.gz
1 files changed, 10 insertions, 3 deletions
diff --git a/SECURITY.md b/SECURITY.md
index 6cb8cf19..f9ae8781 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,8 +1,15 @@
+# Reporting security bugs
+
+Please mail the maintainer at federico@gnome.org.  You can use the GPG
+public key from https://viruta.org/docs/fmq-gpg.asc to send encrypted
+mail.
+
 # Librsvg releases with security fixes
 
-Note that releases with an odd minor number (e.g. 2.47.x since
-47 is odd) are considered development releases and should not be used
-in production systems.
+Librsvg releases have a version number like major.minor.micro. Note
+that releases with an odd minor number (e.g. 2.47.x since 47 is odd)
+are considered development releases and should not be used in
+production systems.
 
 The following list is only for stable release streams, where the minor
 number is even (e.g. 2.50.x).
author	Federico Mena Quintero <federico@gnome.org>	2022-06-10 14:49:32 -0500
committer	Federico Mena Quintero <federico@gnome.org>	2022-06-10 14:50:53 -0500
commit	a8bb0f7cf7b3f5055c1f8775c51495b11eabaa28 (patch)
tree	58e27c5685d79858c011ce3d760afd19a626345a /SECURITY.md
parent	112bd8db142b4bac191a1ba8b529f70de152f7c5 (diff)
download	librsvg-a8bb0f7cf7b3f5055c1f8775c51495b11eabaa28.tar.gz