From e4a8740c789970178b81162349e4b33104b6f482 Mon Sep 17 00:00:00 2001
From: Daniel Shahaf <d.s@daniel.shahaf.name>
Date: Mon, 5 Apr 2021 22:32:41 +0000
Subject: 48410: FAQ, METAFAQ: Mention zsh-security@.

---
 ChangeLog          | 3 +++
 Doc/Zsh/metafaq.yo | 8 +++++++-
 Etc/FAQ.yo         | 5 +++++
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 461bfeacb..1c7a88bff 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2021-04-08  Daniel Shahaf  <d.s@daniel.shahaf.name>
 
+	* 48410: Doc/Zsh/metafaq.yo, Etc/FAQ.yo: FAQ, METAFAQ: Mention
+	zsh-security@.
+
 	* 48379: Src/subst.c, Test/D04parameter.ztst: Make the parameter
 	expansion subscript flags parse error message, "error in flags",
 	identify the location of the parse error.
diff --git a/Doc/Zsh/metafaq.yo b/Doc/Zsh/metafaq.yo
index e69a0976c..ca7f26adf 100644
--- a/Doc/Zsh/metafaq.yo
+++ b/Doc/Zsh/metafaq.yo
@@ -34,7 +34,7 @@ uref(http://zsh.sourceforge.net/).
 texinode(Mailing Lists)(The Zsh FAQ)(Availability)(Introduction)
 sect(Mailing Lists)
 cindex(mailing lists)
-Zsh has 3 mailing lists:
+Zsh has several mailing lists:
 
 startitem()
 item(tt(<zsh-announce@zsh.org>))(
@@ -47,6 +47,12 @@ User discussions.
 item(tt(<zsh-workers@zsh.org>))(
 Hacking, development, bug reports and patches.
 )
+item(tt(<zsh-security@zsh.org>))(
+Private mailing list (the general public cannot subscribe to it) for discussing
+bug reports with security implications, i.e., potential vulnerabilities.
+
+If you find a security problem in zsh itself, please mail this address.
+)
 enditem()
 
 To subscribe or unsubscribe, send mail
diff --git a/Etc/FAQ.yo b/Etc/FAQ.yo
index 3e90a6c4e..171b2f9d7 100644
--- a/Etc/FAQ.yo
+++ b/Etc/FAQ.yo
@@ -2542,6 +2542,11 @@ label(62)
   )
   (posting to the last one is currently restricted).
 
+  Finally, there is a private mailing list (the general public cannot subscribe
+  to it) for discussing bug reports with security implications, i.e., potential
+  vulnerabilities: mytt(zsh-security@zsh.org).  If you find a security problem
+  in zsh itself, please mail this address.
+
   Note that you should only join one of these lists:  people on
   zsh-workers receive all the lists, and people on zsh-users will
   also receive the announcements list.
-- 
cgit 1.4.1