X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=README;h=8fa009ef516e8bf2ccf5762ee5ba22fb792ca9c1;hb=refs%2Fheads%2Ftizen_6.0;hp=aea83300cc433825f66185bc144bab3c802511ca;hpb=76c5deff5c50c118e40fcfd245f60f1b4f7c4cbd;p=platform%2Fupstream%2Fdbus.git

diff --git a/README b/README
index aea8330..8fa009e 100644
--- a/README
+++ b/README
@@ -18,7 +18,8 @@ The "and coordination" part is important; D-Bus provides a bus daemon that does
 See http://www.freedesktop.org/software/dbus/ for lots of documentation, 
 mailing lists, etc.
 
-See also the file HACKING for notes of interest to developers working on D-Bus.
+See also the file CONTRIBUTING.md for notes of interest to developers
+working on D-Bus.
 
 If you're considering D-Bus for use in a project, you should be aware
 that D-Bus was designed for a couple of specific use cases, a "system
@@ -29,6 +30,25 @@ If your use-case isn't one of these, D-Bus may still be useful, but
 only by accident; so you should evaluate carefully whether D-Bus makes
 sense for your project.
 
+Security
+==
+
+If you find a security vulnerability that is not known to the public,
+please report it privately to dbus-security@lists.freedesktop.org
+or by reporting a freedesktop.org bug that is marked as
+restricted to the "D-BUS security group" (you might need to "Show
+Advanced Fields" to have that option).
+
+On Unix systems, the system bus (dbus-daemon --system) is designed
+to be a security boundary between users with different privileges.
+
+On Unix systems, the session bus (dbus-daemon --session) is designed
+to be used by a single user, and only accessible by that user.
+
+We do not currently consider D-Bus on Windows to be security-supported,
+and we do not recommend allowing untrusted users to access Windows
+D-Bus via TCP.
+
 Note: low-level API vs. high-level binding APIs
 ===