List security contacts

We still don't have a security@ alias; listing personal emails is unfortunately the next-best thing.
author: Simon McVittie <smcv@debian.org> 2016-12-19 16:23:54 +0000
committer: Simon McVittie <smcv@debian.org> 2016-12-19 18:21:07 +0000
commit: 2a9e9f13f6583ba04bca06750373d462985c5ccb (patch)
tree: d05a00a01c1b4c75a27be1fe5f972b9f7a12a16c /doc/security.mdwn
parent: da395ac33cec337edcbaccd3c8631a948f029155 (diff)
download: ikiwiki-2a9e9f13f6583ba04bca06750373d462985c5ccb.tar
ikiwiki-2a9e9f13f6583ba04bca06750373d462985c5ccb.tar.gz
1 files changed, 7 insertions, 2 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 6d68fac00..e4851ecf5 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -1,11 +1,16 @@
-Let's do an ikiwiki security analysis.
-
 If you are using ikiwiki to render pages that only you can edit, do not
 generate any wrappers, and do not use the cgi, then there are no more
 security issues with this program than with cat(1). If, however, you let
 others edit pages in your wiki, then some possible security issues do need
 to be kept in mind.
 
+If you find a new security vulnerability, please email the maintainers
+privately instead of listing it in a public bug tracker, so that we can
+arrange for coordinated disclosure when a fix is available. The maintainers
+are [[Joey Hess|joey]] (<joey@kitenet.net>),
+[[Simon McVittie|smcv]] (<smcv@debian.org>)
+and [[Amitai Schleier|schmonz]] (`schmonz-web-ikiwiki schmonz com`).
+
 [[!toc levels=2]]
 
 ----
author	Simon McVittie <smcv@debian.org>	2016-12-19 16:23:54 +0000
committer	Simon McVittie <smcv@debian.org>	2016-12-19 18:21:07 +0000
commit	2a9e9f13f6583ba04bca06750373d462985c5ccb (patch)
tree	d05a00a01c1b4c75a27be1fe5f972b9f7a12a16c /doc/security.mdwn
parent	da395ac33cec337edcbaccd3c8631a948f029155 (diff)
download	ikiwiki-2a9e9f13f6583ba04bca06750373d462985c5ccb.tar ikiwiki-2a9e9f13f6583ba04bca06750373d462985c5ccb.tar.gz