From b775becc68a36db4e587b8171d447c085bbafa73 Mon Sep 17 00:00:00 2001 From: Tim Abbott Date: Wed, 26 Feb 2020 16:29:04 -0800 Subject: [PATCH] docs: Change our security contact to security@. This has for a while been our only active Google Groups mailing list, and given that folks will guess security@ as our security contact, we might as well just standardize on that. Also tweak some ambiguous text; it wouldn't be appropriate for us to issue a CVE for e.g. an operational issue only affecting us. --- CONTRIBUTING.md | 5 +++-- docs/production/security-model.md | 21 ++++++++++----------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 910c67da2a..eb0c6600bc 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -213,8 +213,9 @@ and how to reproduce it if known, your browser/OS if relevant, and a if appropriate. **Reporting security issues**. Please do not report security issues - publicly, including on public streams on chat.zulip.org. You can email - zulip-security@googlegroups.com. We create a CVE for every security issue. + publicly, including on public streams on chat.zulip.org. You can + email security@zulipchat.com. We create a CVE for every security + issue in our released software. ## User feedback diff --git a/docs/production/security-model.md b/docs/production/security-model.md index b226d66b2a..3cc938353b 100644 --- a/docs/production/security-model.md +++ b/docs/production/security-model.md 
@@ -1,13 +1,12 @@ # Security Model -This section attempts to document the Zulip security model. -It likely does not cover every issue; if -there are details you're curious about, please feel free to ask -questions in [#production help](https://chat.zulip.org/#narrow/stream/31-production-help) -on the [Zulip community server](../contributing/chat-zulip-org.md) -(or if you think -you've found a security bug, please report it to -zulip-security@googlegroups.com so we can do a responsible security +This section attempts to document the Zulip security model. It likely +does not cover every issue; if there are details you're curious about, +please feel free to ask questions in [#production +help](https://chat.zulip.org/#narrow/stream/31-production-help) on the +[Zulip community server](../contributing/chat-zulip-org.md) (or if you +think you've found a security bug, please report it to +security@zulipchat.com so we can do a responsible security announcement). ## Secure your Zulip server like your email server @@ -244,9 +243,9 @@ strength allowed is controlled by two settings in ## Final notes and security response If you find some aspect of Zulip that seems inconsistent with this -security model, please report it to zulip-security@googlegroups.com so -that we can investigate and coordinate an appropriate security release -if needed. +security model, please report it to security@zulipchat.com so that we +can investigate and coordinate an appropriate security release if +needed. Zulip security announcements will be sent to zulip-announce@googlegroups.com, so you should subscribe if you are
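Review bot: In CONTRIBUTING.md (hunk at -213,8), the new sentence "We create a CVE for every security issue in our released software" narrows the CVE promise but leaves a reporter unsure what to do with an issue outside released software, such as the operational case the commit message mentions. Consider adding a clause saying those reports should still be sent to security@zulipchat.com, so the narrowed wording is not read as "do not report".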
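Review bot: In docs/production/security-model.md (hunk at -1,13), the whole opening paragraph is re-wrapped in the same change that swaps the address, so the one substantive edit (zulip-security@googlegroups.com to security@zulipchat.com) is hard to pick out of the diff, and the link text is now split across lines as "[#production" / "help](...)", which makes it harder to grep for. Suggest keeping the original wrapping and changing only the address line, or moving the reflow into a separate commit.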
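Review bot: In docs/production/security-model.md (hunk at -244,9), the unchanged context line still directs readers to zulip-announce@googlegroups.com for security announcements, while the commit message says the security list has been "our only active Google Groups mailing list". Please confirm the announce list is still in use, and update that paragraph in this commit if it is not, so the reporting address and the announcement address stay consistent.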