From e573c669e449d3bbcad71bc01e2d4f7e250e8a09 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 17 Apr 2023 10:04:18 -0700 Subject: [PATCH] Update DOI security email address MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We now have a Docker alias for this 🎉 --- README.md | 2 +- SECURITY.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index bdcfc6bd69720..44181cdbf515c 100644 --- a/README.md +++ b/README.md @@ -301,7 +301,7 @@ Official Repositories that require additional privileges should specify the mini For image updates which constitute a security fix, there are a few things we recommend to help ensure your update is merged, built, and released as quickly as possible: -1. [Send an email to `doi-security@infosiftr.com`](mailto:doi-security@infosiftr.com) a few (business) days in advance to give us a heads up and a timing estimate (so we can schedule time for the incoming update appropriately). +1. [Send an email to `doi@docker.com`](mailto:doi@docker.com) a few (business) days in advance to give us a heads up and a timing estimate (so we can schedule time for the incoming update appropriately). 2. Include `[security]` in the title of your pull request (for example, `[security] Update FooBar to 1.2.5, 1.3.7, 2.0.1`). 3. Keep the pull request free of changes that are unrelated to the security fix -- we'll still be doing review of the update, but it will be expedited so this will help us help you. 4. Be active and responsive to comments on the pull request after it's opened (as usual, but even more so if the timing of the release is of importance). diff --git a/SECURITY.md b/SECURITY.md index 930fbb8717021..85a16b0ea3248 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -4,6 +4,6 @@ If you believe you have found a security vulnerability, please make every effort When the issue relates to a specific image, please make an effort to (privately) contact the maintainers of that specific image. Some maintainers publish/maintain a `SECRUITY.md` in their GitHub repository, for example, which can be a great place to find information about how to report an issue appropriately. -For issues related to anything maintained under [@docker-library on GitHub](https://github.com/docker-library) or associated infrastructure, please [send an email to `doi-security@infosiftr.com`](mailto:doi-security@infosiftr.com). +For issues related to anything maintained under [@docker-library on GitHub](https://github.com/docker-library) or associated infrastructure, please [send an email to `doi@docker.com`](mailto:doi@docker.com) or [use GitHub's security advisory feature](https://github.com/docker-library/official-images/security/advisories/new). Image maintainers should also be aware of the ["Security Releases" section of the maintainer documentation](https://github.com/docker-library/official-images#security-releases) for pre-notifying the project maintainers of upcoming security-related releases.
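Review bot: In step 1 of the README.md hunk, the replacement address `doi@docker.com` drops the `-security` qualifier the old address had, so the text no longer tells a maintainer that this is a private channel suitable for embargoed release details. Suggest adding a few words to the step saying the alias is private and for security pre-notification. The commit message could also say whether `doi-security@infosiftr.com` keeps forwarding, since copies of the old instructions will stay in circulation.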
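Review bot: In the SECURITY.md hunk, the added advisory link points at `docker-library/official-images/security/advisories/new` only, while the sentence it sits in covers anything maintained under @docker-library "or associated infrastructure". Suggest stating whether reports about other docker-library repositories should also be filed through that link or through the affected repository's own advisory form. Separately, the unchanged context line above still reads `SECRUITY.md`; since this file is being touched anyway, that could be corrected to `SECURITY.md` in the same change.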