doc: Improve security reporting guidelines

See #7524
author: Florian Bruhin <me@the-compiler.org> 2022-12-13 14:24:32 +0100
committer: Florian Bruhin <me@the-compiler.org> 2022-12-13 14:24:32 +0100
commit: 9bf258c8f8fa2c255be92535a64fd356146d8482 (patch)
tree: 90a4a3747a209cb1faee154775bf7041e38ecb24 /README.asciidoc
parent: 5afc8a68191160f8d5c74b92874a0032d3c1996e (diff)
download: qutebrowser-9bf258c8f8fa2c255be92535a64fd356146d8482.tar.gz
qutebrowser-9bf258c8f8fa2c255be92535a64fd356146d8482.zip
1 files changed, 8 insertions, 2 deletions
diff --git a/README.asciidoc b/README.asciidoc
index d68268316..d6ac29cfa 100644
--- a/README.asciidoc
+++ b/README.asciidoc
@@ -66,8 +66,14 @@ ways:
 https://listi.jpberlin.de/mailman/listinfo/qutebrowser[mailinglist] at
 mailto:qutebrowser@lists.qutebrowser.org[].
 
-For security bugs, please contact me directly at mail@qutebrowser.org, GPG ID
-https://www.the-compiler.org/pubkey.asc[0x916eb0c8fd55a072].
+Please report security bugs to security@qutebrowser.org
+(or if GPG encryption is desired, contact me@the-compiler.org with GPG ID
+https://www.the-compiler.org/pubkey.asc[0x916EB0C8FD55A072]).
+
+Alternatively,
+https://github.com/qutebrowser/qutebrowser/security/advisories/new[report a vulnerability]
+via GitHub's
+https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability[private reporting feature].
 
 Requirements
 ------------
author	Florian Bruhin <me@the-compiler.org>	2022-12-13 14:24:32 +0100
committer	Florian Bruhin <me@the-compiler.org>	2022-12-13 14:24:32 +0100
commit	9bf258c8f8fa2c255be92535a64fd356146d8482 (patch)
tree	90a4a3747a209cb1faee154775bf7041e38ecb24 /README.asciidoc
parent	5afc8a68191160f8d5c74b92874a0032d3c1996e (diff)
download	qutebrowser-9bf258c8f8fa2c255be92535a64fd356146d8482.tar.gz qutebrowser-9bf258c8f8fa2c255be92535a64fd356146d8482.zip