From 6b6ac8e9f095bca8e888c06e13eda3b11df6d340 Mon Sep 17 00:00:00 2001
From: Michael Crosby <crosbymichael@gmail.com>
Date: Mon, 28 Aug 2017 16:33:49 -0400
Subject: [PATCH] Add security mailing list to readme and releases

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
---
 README.md   | 5 +++++
 RELEASES.md | 2 ++
 2 files changed, 7 insertions(+)

diff --git a/README.md b/README.md
index 08a68145d..b7c352c29 100644
--- a/README.md
+++ b/README.md
@@ -192,6 +192,11 @@ For sync communication we have a community slack with a #containerd channel that
 
 **Slack:** https://dockr.ly/community
 
+### Reporting security issues
+
+__If you are reporting a security issue, please follow the responsible
+disclosure guidelines and reach out discreetly at containerd-security@googlegroups.com__.
+
 ## Copyright and license
 
 Copyright ©2016-2017 Docker, Inc. All rights reserved, except as follows. Code
diff --git a/RELEASES.md b/RELEASES.md
index c3a828d96..75a3d5185 100644
--- a/RELEASES.md
+++ b/RELEASES.md
@@ -118,6 +118,8 @@ __If you are reporting a security issue, please follow the responsible
 disclosure guidelines and reach out discreetly__. Remember that backported PRs
 must follow the versioning guidelines from this document.
 
+Please send security related issues to containerd-security@googlegroups.com.
+
 Any release that is "active" can accept backports. Opening a backport PR is
 fairly straightforward. The steps differ depending on whether you are pulling
 a fix from master or need to draft a new commit specific to a particular