docs: Change our security contact to security@.

This has for a while been our only active Google Groups mailing list,
and given that folks will guess security@ as our security contact, we
might as well just standardize on that.

Also tweak some ambiguous text; it wouldn't be appropriate for us to
issue a CVE for e.g. an operational issue only affecting us.
This commit is contained in:
Tim Abbott 2020-02-26 16:29:04 -08:00
parent 2fb967b735
commit b775becc68
2 changed files with 13 additions and 13 deletions

@ -213,8 +213,9 @@ and how to reproduce it if known, your browser/OS if relevant, and a
if appropriate.
**Reporting security issues**. Please do not report security issues
publicly, including on public streams on chat.zulip.org. You can email
zulip-security@googlegroups.com. We create a CVE for every security issue.
publicly, including on public streams on chat.zulip.org. You can
email security@zulipchat.com. We create a CVE for every security
issue in our released software.
## User feedback
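Review bot: the new wording "We create a CVE for every security issue in our released software" narrows the CVE scope, but the paragraph now leaves it unclear whether reports about issues outside the released software (the operational case the commit message mentions) are still wanted at security@zulipchat.com. Consider a short clause saying that all security reports go to that address, and that the CVE commitment applies to the released-software subset, so the narrower CVE sentence is not read as a narrower reporting scope.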

@ -1,13 +1,12 @@
# Security Model
This section attempts to document the Zulip security model.
It likely does not cover every issue; if
there are details you're curious about, please feel free to ask
questions in [#production help](https://chat.zulip.org/#narrow/stream/31-production-help)
on the [Zulip community server](../contributing/chat-zulip-org.md)
(or if you think
you've found a security bug, please report it to
zulip-security@googlegroups.com so we can do a responsible security
This section attempts to document the Zulip security model. It likely
does not cover every issue; if there are details you're curious about,
please feel free to ask questions in [#production
help](https://chat.zulip.org/#narrow/stream/31-production-help) on the
[Zulip community server](../contributing/chat-zulip-org.md) (or if you
think you've found a security bug, please report it to
security@zulipchat.com so we can do a responsible security
announcement).
## Secure your Zulip server like your email server
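Review bot: the re-wrapped paragraph splits the link text across a line break ("[#production" on one line, "help](https://chat.zulip.org/...)" on the next), which still renders but makes the link harder to grep for and easier to break in a later edit; keep "[#production help](...)" on one line. The only substantive change in this hunk is the address, so keeping the original wrapping and touching just the address line would also make that change easier to verify in review.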
@ -244,9 +243,9 @@ strength allowed is controlled by two settings in
## Final notes and security response
If you find some aspect of Zulip that seems inconsistent with this
security model, please report it to zulip-security@googlegroups.com so
that we can investigate and coordinate an appropriate security release
if needed.
security model, please report it to security@zulipchat.com so that we
can investigate and coordinate an appropriate security release if
needed.
Zulip security announcements will be sent to
zulip-announce@googlegroups.com, so you should subscribe if you are
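Review bot: the unchanged context line after the edited paragraph still sends readers to zulip-announce@googlegroups.com for security announcements, while the commit message describes the old security list as the only active Google Groups mailing list. Please confirm the announce list is still where security announcements are published; if it is not, that sentence should be updated in this same change, since an administrator subscribed to a dead list would miss security releases.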