[committed 0/2] SECURITY.txt: Trivial fixups

[committed 0/2] SECURITY.txt: Trivial fixups

[Siddhesh Poyarekar]

Committed some trivial comma and indentation fixups that Jan shared with
me off-list.

Jan Engelhardt (2):
  secpol: add grammatically missing commas / remove one excess instance
  secpol: consistent indentation

 SECURITY.txt | 48 ++++++++++++++++++++++++------------------------
 1 file changed, 24 insertions(+), 24 deletions(-)

-- 
2.41.0

[committed 1/2] secpol: add grammatically missing commas / remove one excess instance

[Siddhesh Poyarekar]

From: Jan Engelhardt <jengelh@inai.de>

Signed-off-by: Jan Engelhardt <jengelh@inai.de>

ChangeLog:

	* SECURITY.txt: Fix up commas.
---
 SECURITY.txt | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/SECURITY.txt b/SECURITY.txt
index b65f24cfc2a..93792923583 100644
--- a/SECURITY.txt
+++ b/SECURITY.txt
@@ -3,12 +3,12 @@ What is a GCC security bug?
 
     A security bug is one that threatens the security of a system or
     network, or might compromise the security of data stored on it.
-    In the context of GCC there are multiple ways in which this might
+    In the context of GCC, there are multiple ways in which this might
     happen and some common scenarios are detailed below.
 
     If you're reporting a security issue and feel like it does not fit
     into any of the descriptions below, you're encouraged to reach out
-    through the GCC bugzilla or if needed, privately, by following the
+    through the GCC bugzilla or, if needed, privately, by following the
     instructions in the last two sections of this document.
 
 Compiler drivers, programs, libgccjit and support libraries
@@ -24,11 +24,11 @@ Compiler drivers, programs, libgccjit and support libraries
 
     The libgccjit library can, despite the name, be used both for
     ahead-of-time compilation and for just-in-compilation.  In both
-    cases it can be used to translate input representations (such as
-    source code) in the application context; in the latter case the
+    cases, it can be used to translate input representations (such as
+    source code) in the application context; in the latter case, the
     generated code is also run in the application context.
 
-    Limitations that apply to the compiler driver, apply here too in
+    Limitations that apply to the compiler driver apply here too in
     terms of trusting inputs and it is recommended that both the
     compilation *and* execution context of the code are appropriately
     sandboxed to contain the effects of any bugs in libgccjit, the
@@ -43,7 +43,7 @@ Compiler drivers, programs, libgccjit and support libraries
 
     Libraries such as zlib that are bundled with GCC to build it will be
     treated the same as the compiler drivers and programs as far as
-    security coverage is concerned.  However if you find an issue in
+    security coverage is concerned.  However, if you find an issue in
     these libraries independent of their use in GCC, you should reach
     out to their upstream projects to report them.
 
@@ -97,7 +97,7 @@ Language runtime libraries
     * libssp
     * libstdc++
 
-    These libraries are intended to be used in arbitrary contexts and as
+    These libraries are intended to be used in arbitrary contexts and, as
     a result, bugs in these libraries may be evaluated for security
     impact.  However, some of these libraries, e.g. libgo, libphobos,
     etc.  are not maintained in the GCC project, due to which the GCC
@@ -145,7 +145,7 @@ GCC plugins
 
     It should be noted that GCC may execute arbitrary code loaded by a
     user through the GCC plugin mechanism or through system preloading
-    mechanism.  Such custom code should be vetted by the user for safety
+    mechanism.  Such custom code should be vetted by the user for safety,
     as bugs exposed through such code will not be considered security
     issues.
 
-- 
2.41.0

[committed 2/2] secpol: consistent indentation

[Siddhesh Poyarekar]

From: Jan Engelhardt <jengelh@inai.de>

86% of the document have 4 spaces; adjust the remaining 14%.

Signed-off-by: Jan Engelhardt <jengelh@inai.de>

ChangeLog:

	* SECURITY.txt: Fix up indentation.
---
 SECURITY.txt | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/SECURITY.txt b/SECURITY.txt
index 93792923583..b3e2bbfda90 100644
--- a/SECURITY.txt
+++ b/SECURITY.txt
@@ -173,33 +173,33 @@ Security features implemented in GCC
 Reporting private security bugs
 ===============================
 
-   *All bugs reported in the GCC Bugzilla are public.*
+    *All bugs reported in the GCC Bugzilla are public.*
 
-   In order to report a private security bug that is not immediately
-   public, please contact one of the downstream distributions with
-   security teams.  The following teams have volunteered to handle
-   such bugs:
+    In order to report a private security bug that is not immediately
+    public, please contact one of the downstream distributions with
+    security teams.  The following teams have volunteered to handle
+    such bugs:
 
       Debian:  security@debian.org
       Red Hat: secalert@redhat.com
       SUSE:    security@suse.de
       AdaCore: product-security@adacore.com
 
-   Please report the bug to just one of these teams.  It will be shared
-   with other teams as necessary.
+    Please report the bug to just one of these teams.  It will be shared
+    with other teams as necessary.
 
-   The team contacted will take care of details such as vulnerability
-   rating and CVE assignment (http://cve.mitre.org/about/).  It is likely
-   that the team will ask to file a public bug because the issue is
-   sufficiently minor and does not warrant an embargo.  An embargo is not
-   a requirement for being credited with the discovery of a security
-   vulnerability.
+    The team contacted will take care of details such as vulnerability
+    rating and CVE assignment (http://cve.mitre.org/about/).  It is likely
+    that the team will ask to file a public bug because the issue is
+    sufficiently minor and does not warrant an embargo.  An embargo is not
+    a requirement for being credited with the discovery of a security
+    vulnerability.
 
 Reporting public security bugs
 ==============================
 
-   It is expected that critical security bugs will be rare, and that most
-   security bugs can be reported in GCC, thus making
-   them public immediately.  The system can be found here:
+    It is expected that critical security bugs will be rare, and that most
+    security bugs can be reported in GCC, thus making
+    them public immediately.  The system can be found here:
 
       https://gcc.gnu.org/bugzilla/
-- 
2.41.0