Commit: SECURITY.md: clarify the use of AI


Christian Brabandt

6:47 AM
to vim...@googlegroups.com
SECURITY.md: clarify the use of AI

Commit: https://github.com/vim/vim/commit/2c976d0de48db4ee56769669edbc8875564d3453
Author: Christian Brabandt <c...@256bit.org>
Date: Wed Apr 1 10:33:42 2026 +0000

SECURITY.md: clarify the use of AI

Signed-off-by: Christian Brabandt <c...@256bit.org>

diff --git a/SECURITY.md b/SECURITY.md
index 7d1e0166c..9d1ecf35a 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -2,9 +2,16 @@

## Reporting a vulnerability

-If you want to report a security issue, please privately disclose the issue to the vim-security mailing list
-vim-se...@googlegroups.com
-
-This is a private list, read only by the maintainers, but anybody can post, after moderation.
+If you want to report a security issue, please privately disclose the issue either via:
+- The vim-security mailing list: vim-se...@googlegroups.com
+ This is a private list, read only by the maintainers, but anybody can post.
+- [GitHub Security Advisories](https://github.com/vim/vim/security/advisories/new)

**Please don't publicly disclose the issue until it has been addressed by us.**
+
+## Guidelines for reporting
+- Clearly explain **why** the behaviour is a security issue, not just that a bug exists.
+- Keep reports concise and focused.
+- Do not flood us with a list of issues. Report them one by one to ensure to not overwhelm us with the work load.
+- Do **not** submit AI-generated reports without carefully reviewing them first. Low-quality or
+ speculative reports waste maintainer time and will be closed without action, and repeat offenders **will be banned**.
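
Review bot: In the mailing-list bullet, the rewritten sentence drops "after moderation" from "anybody can post, after moderation", and neither that change nor the new GitHub Security Advisories channel is mentioned in the commit message, which only says "clarify the use of AI". If the list is still moderated, keep the phrase so reporters know a post may not reach the maintainers immediately; either way, describe both changes in the commit message. In the new guidelines, "Report them one by one to ensure to not overwhelm us with the work load" reads awkwardly; consider "Report them one by one so that we are not overwhelmed by the workload." A blank line between the "## Guidelines for reporting" heading and its first list item would also match the spacing used under "## Reporting a vulnerability".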