From aff0aa3af81b13e611c08000ae0c1f1d840b6c3c Mon Sep 17 00:00:00 2001 From: Loic Bistuer Date: Tue, 16 Jul 2013 17:14:16 +0700 Subject: [PATCH] Rephrased the docs for reporting security issues to make it less intimidating. --- docs/internals/security.txt | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/docs/internals/security.txt b/docs/internals/security.txt index 7121ff31ec..486b2c9968 100644 --- a/docs/internals/security.txt +++ b/docs/internals/security.txt @@ -19,7 +19,7 @@ security@djangoproject.com**. Most normal bugs in Django are reported to `our public Trac instance`_, but due to the sensitive nature of security issues, we ask -that they *not* be publicly reported in this fashion. +that they **not** be publicly reported in this fashion. Instead, if you believe you've found something in Django which has security implications, please send a description of the issue via @@ -28,15 +28,17 @@ reaches a subset of the core development team, who can forward security issues into the private committers' mailing list for broader discussion if needed. -You can send encrypted email to this address; the public key ID for -``security@djangoproject.com`` is ``0xfcb84b8d1d17f80b``, and this -public key is available from most commonly-used keyservers. - Once you've submitted an issue via email, you should receive an acknowledgment from a member of the Django development team within 48 hours, and depending on the action to be taken, you may receive further followup emails. +.. note:: + + If you want to send an encrypted email (*optional*), the public key ID for + ``security@djangoproject.com`` is ``0xfcb84b8d1d17f80b``, and this public + key is available from most commonly-used keyservers. + .. _our public Trac instance: https://code.djangoproject.com/query .. _security-support: