README: Note to send security reports via DBus's mechanism

This avoids duplicating effort.
author: Colin Walters <walters@verbum.org> 2015-06-04 08:41:36 -0400
committer: Miloslav Trmač <mitr@redhat.com> 2015-06-23 18:58:04 +0200
commit: ccec766c509d16dab417582e94f43d906cefd4ae (patch)
tree: 269c20966fd3dccde1dff40e0a976aeb185e57ef
parent: efb6cd56a423ba15bb1f44ee3c4987aad5a5fd45 (diff)
download: polkit-ccec766c509d16dab417582e94f43d906cefd4ae.tar.gz
1 files changed, 17 insertions, 1 deletions
diff --git a/README b/README
index b075162..0723002 100644
--- a/README
+++ b/README
@@ -22,6 +22,22 @@ To verify the authenticity of the compressed tarball, use this command
 BUGS and DEVELOPMENT
 ====================
 
-Please report bugs via the freedesktop.org bugzilla at
+Please report non-security bugs via the freedesktop.org bugzilla at
 
  https://bugs.freedesktop.org/enter_bug.cgi?product=PolicyKit
+
+SECURITY ISSUES
+===============
+
+polkit uses the same mechanism for reporting security issues as dbus,
+the most recent copy of instructions can be found in the DBus git
+repository:
+
+http://cgit.freedesktop.org/dbus/dbus/tree/HACKING
+
+A copy of the instructions as of 2015-06-04:
+
+If you find a security vulnerability that is not known to the public,
+please report it privately to dbus-security@lists.freedesktop.org
+or by reporting a freedesktop.org bug that is marked as
+restricted to the "D-BUS security group".
author	Colin Walters <walters@verbum.org>	2015-06-04 08:41:36 -0400
committer	Miloslav Trmač <mitr@redhat.com>	2015-06-23 18:58:04 +0200
commit	ccec766c509d16dab417582e94f43d906cefd4ae (patch)
tree	269c20966fd3dccde1dff40e0a976aeb185e57ef
parent	efb6cd56a423ba15bb1f44ee3c4987aad5a5fd45 (diff)
download	polkit-ccec766c509d16dab417582e94f43d906cefd4ae.tar.gz