6d8cf86476
In the past, we asked people to open a security bug on one of the "big" distros. This worked OK as far as getting bugs reported and notifying some upstream developers went. But we always had trouble getting information to all the appropriate parties, because each time a bug was reported, a big thread was created, with a growing CC list. People who were not CCed early enough were missing some information, etc. To clean this up, we decided to create a private mailing list. The natural place would be freedesktop.org, but unfortunately the request to create a mailing list wasn't handled (https://gitlab.freedesktop.org/freedesktop/freedesktop/issues/134). And even if it was, at this point, if there was ever another administrative issue, it seems likely it could take months to resolve. So instead, we asked for a list to be created on the redhat mailservers. Please consider the previous security issue reporting mechanisms rescinded, and send any senstive bugs to systemd-security@redhat.com.
3.1 KiB
title
| title |
|---|
| Contributing |
Contributing
We welcome contributions from everyone. However, please follow the following guidelines when posting a GitHub Pull Request or filing a GitHub Issue on the systemd project:
Filing Issues
- We use GitHub Issues exclusively for tracking bugs and feature requests of systemd. If you are looking for help, please contact our mailing list instead.
- We only track bugs in the two most recently released versions of systemd in the GitHub Issue tracker. If you are using an older version of systemd, please contact your distribution's bug tracker instead.
- When filing an issue, specify the systemd version you are experiencing the issue with. Also, indicate which distribution you are using.
- Please include an explanation how to reproduce the issue you are pointing out.
Following these guidelines makes it easier for us to process your issue, and ensures we won't close your issue right-away for being misfiled.
Older downstream versions
For older versions that are still supported by your distribution please use respective downstream tracker:
- Fedora - bugzilla
- RHEL-7/CentOS-7 - bugzilla or systemd-rhel github
- Debian - bugs.debian.org
Security vulnerability reports
If you discover a security vulnerability, we'd appreciate a non-public disclosure. The issue tracker and mailing list listed above are fully public. If you need to reach systemd developers in a non-public way, report the issue to the systemd-security@redhat.com mailing list. The disclosure will be coordinated with distributions.
Posting Pull Requests
- Make sure to post PRs only relative to a very recent git master.
- Follow our Coding Style when contributing code. This is a requirement for all code we merge.
- Please make sure to test your change before submitting the PR. See the Hacking guide for details on how to do this.
- Make sure to run the test suite locally, before posting your PR. We use a CI system, meaning we don't even look at your PR, if the build and tests don't pass.
- If you need to update the code in an existing PR, force-push into the same branch, overriding old commits with new versions.
- After you have pushed a new version, add a comment about the new version (no notification is sent just for the commits, so it's easy to miss the update without an explicit comment). If you are a member of the systemd project on GitHub, remove the
reviewed/needs-reworklabel.
Final Words
We'd like to apologize in advance if we are not able to process and reply to your issue or PR right-away. We have a lot of work to do, but we are trying our best!
Thank you very much for your contributions!