security: Indicate that a draft security advisory is insufficient not…

…ification
trillium-rs · Jan 24, 2024 · b27950c · b27950c
1 parent 55e6d57
commit b27950c
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/SECURITY.md b/SECURITY.md
@@ -5,4 +5,10 @@
 Until Trillium reaches 1.0, only the most recent release will be certainly be supported for security updates, but an effort will be made to backport critical patches when possible.
 
 ## Reporting a Vulnerability
-To report a vulnerability, email [hi@jbr.me](mailto:hi@jbr.me)
+
+To report a vulnerability, email [hi@jbr.me](mailto:hi@jbr.me) and/or contact me on [signal](https://signal.group/#CjQKIAarILo8OPFVt2qMCYgtDsPwOwwf_zVkZcDi7HEnF-BUEhAOAw28LIdxCfjbSiOJ36jB). The latter is an experiment, so please follow up by email additionally for now.
+
+Feel free to [draft a GitHub Security Advisory](https://github.com/trillium-rs/trillium/security/advisories/new) in addition to the above.
+
+> [!IMPORTANT]
+> Please do not _exclusively_ file a GitHub security advisory without also reaching out on another channel. GitHub's notifications for draft security advisories are inadequate and too easily missed.