[[send-patches]]
=== Sending your patches.
+:security-ml: footnoteref:[security-ml,The Git Security mailing list: git-security@googlegroups.com]
+
+Before sending any patches, please note that patches that may be
+security relevant should be submitted privately to the Git Security
+mailing list{security-ml}, instead of the public mailing list.
+
Learn to use format-patch and send-email if possible. These commands
are optimized for the workflow of sending patches, avoiding many ways
your existing e-mail client that is optimized for "multipart/*" mime
that starts with `-----BEGIN PGP SIGNED MESSAGE-----`. That is
not a text/plain, it's something else.
+:security-ml-ref: footnoteref:[security-ml]
+
+As mentioned at the beginning of the section, patches that may be
+security relevant should not be submitted to the public mailing list
+mentioned below, but should instead be sent privately to the Git
+Security mailing list{security-ml-ref}.
+
Send your patch with "To:" set to the mailing list, with "cc:" listing
-people who are involved in the area you are touching (the output from
-`git blame $path` and `git shortlog --no-merges $path` would help to
+people who are involved in the area you are touching (the `git
+contacts` command in `contrib/contacts/` can help to
identify them), to solicit comments and reviews.
:current-maintainer: footnote:[The current maintainer: gitster@pobox.com]
The sign-off is a simple line at the end of the explanation for
the patch, which certifies that you wrote it or otherwise have
-the right to pass it on as a open-source patch. The rules are
+the right to pass it on as an open-source patch. The rules are
pretty simple: if you can certify the below D-C-O:
[[dco]]
help you find out who they are.
. You get comments and suggestions for improvements. You may
- even get them in a "on top of your change" patch form.
+ even get them in an "on top of your change" patch form.
. Polish, refine, and re-send to the list and the people who
spend their time to improve your patch. Go back to step (2).