From ee2d176cb6ac20c936e555683a668ff564daf8f8 Mon Sep 17 00:00:00 2001
From: Jakub Kadlcik <frostyx@email.cz>
Date: Fri, 3 Jan 2025 10:45:19 +0100
Subject: [PATCH] doc: document how to report security issues

Fix #3520
---
 README.md                                                 | 1 +
 doc/index.rst                                             | 1 +
 frontend/coprs_frontend/coprs/templates/project_info.html | 1 +
 3 files changed, 3 insertions(+)

diff --git a/README.md b/README.md
index 4f76f9b45..d0885969d 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,7 @@
 [**Documentation**](https://docs.pagure.org/copr.copr/) |
 [**Report a Bug**](https://bugzilla.redhat.com/enter_bug.cgi?product=Copr) |
 [**Already reported bugs**](https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=POST&bug_status=MODIFIED&bug_status=ON_DEV&bug_status=ON_QA&bug_status=VERIFIED&bug_status=RELEASE_PENDING&classification=Community&list_id=4678560&product=Copr&query_format=advanced) |
+[**Security issues**](https://github.com/fedora-copr/copr/security) |
 [**Fedora Copr**](https://copr.fedoraproject.org)
 
 Copr ("Community projects") is a service that builds your open-source projects and creates your own RPM repositories. See it in action [here](https://copr.fedoraproject.org).
diff --git a/doc/index.rst b/doc/index.rst
index 44fbe8be0..b9273b482 100644
--- a/doc/index.rst
+++ b/doc/index.rst
@@ -61,4 +61,5 @@ Want to File a Bug/RFE?
 
 * `Search for bugs here <https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=POST&bug_status=MODIFIED&bug_status=ON_DEV&bug_status=ON_QA&bug_status=VERIFIED&bug_status=RELEASE_PENDING&classification=Community&list_id=2091774&product=Copr&query_format=advanced>`_: If it has, feel free to add yourself to Cc list of that bugzilla and add comments with more details, logs, etc.
 * `Report a new bug <https://bugzilla.redhat.com/enter_bug.cgi?product=Copr>`_: If it has not, then please report it here with all the detail you can muster.
+* `Report a security issue <https://github.com/fedora-copr/copr/security>`_: It is better to report privately, and make it public after the exploit is patched.
 * `Get a Bugzilla account <https://bugzilla.redhat.com/createaccount.cgi>`_: You will need an account in bugzilla to add comments or file new bugzillas.
diff --git a/frontend/coprs_frontend/coprs/templates/project_info.html b/frontend/coprs_frontend/coprs/templates/project_info.html
index 49adbf688..49afcac50 100644
--- a/frontend/coprs_frontend/coprs/templates/project_info.html
+++ b/frontend/coprs_frontend/coprs/templates/project_info.html
@@ -4,6 +4,7 @@
     <li><a href="https://github.com/fedora-copr/copr">Project Homepage</a></li>
     <li><a href="https://docs.pagure.org/copr.copr/user_documentation.html">User Documentation</a></li>
     <li><a href="https://github.com/fedora-copr/copr/issues/new">Report a Bug</a></li>
+    <li><a href="https://github.com/fedora-copr/copr/security">Report a security issue</a></li>
     <li><a href="https://github.com/fedora-copr/copr/issues">Known Issues</a></li>
     <li><a href="https://docs.pagure.org/copr.copr/user_documentation.html#faq">FAQ</a></li>
   </ul>