From 97ced64718c8805f46fddb2276e43819f0152d44 Mon Sep 17 00:00:00 2001 From: mrjoelkamp Date: Tue, 13 Aug 2024 09:20:05 -0500 Subject: [PATCH 1/2] docs: move security reporting instructions --- README.md | 8 ++------ SECURITY.md | 7 +++++++ 2 files changed, 9 insertions(+), 6 deletions(-) create mode 100644 SECURITY.md diff --git a/README.md b/README.md index 7dc988f..14edaef 100644 --- a/README.md +++ b/README.md @@ -23,10 +23,6 @@ The process used to establish Docker's production TUF root is documented in [CER | James Carnegie | [kipz](https://github.com/kipz) | Targets, Delegated Targets (DOI) | [28751259](./ceremony/2024-06-04/keys/28751259/) | | Jonny Stoten | [jonnystoten](https://github.com/jonnystoten) | Targets, Delegated Targets (DOI) | [28751258](./ceremony/2024-06-04/keys/28751258/) | -## Reporting security issues +## Security reporting -Docker's TUF maintainers take security seriously. If you discover a security issue, please bring it to their attention right away! - -Please **DO NOT** file a public issue, instead send your report privately to [security@docker.com](mailto:security@docker.com). - -Security reports are greatly appreciated and we will publicly thank you for it, although we keep your name confidential if you request it. We also like to send gifts—if you're into schwag, make sure to let us know. We currently do not offer a paid security bounty program, but are not ruling it out in the future. +If you have any security concerns please follow [SECURITY.md](./SECURITY.md) diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..9319189 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,7 @@ +## Reporting security issues + +Docker's TUF maintainers take security seriously. If you discover a security issue, please bring it to their attention right away! + +Please **DO NOT** file a public issue, instead send your report privately to [security@docker.com](mailto:security@docker.com). + +Security reports are greatly appreciated and we will publicly thank you for it, although we keep your name confidential if you request it. We also like to send gifts—if you're into schwag, make sure to let us know. We currently do not offer a paid security bounty program, but are not ruling it out in the future. \ No newline at end of file From 4f23ba0d625b0b4583ceb2525d2781f1cdb0bb61 Mon Sep 17 00:00:00 2001 From: mrjoelkamp Date: Tue, 13 Aug 2024 09:30:28 -0500 Subject: [PATCH 2/2] fix: CODEOWNERS --- .github/CODEOWNERS | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index d851cc4..e5b4806 100755 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1 +1,2 @@ -* @docker/supply-chain-security +* @docker/signing +targets/doi/ @docker/doi @docker/signing
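Review bot: in the README.md hunk, renaming the heading from `## Reporting security issues` to `## Security reporting` changes the rendered anchor, so any existing link to `#reporting-security-issues` will break; either keep the old heading text (the new SECURITY.md already uses it) or note that the anchor moved. The replacement line `+If you have any security concerns please follow [SECURITY.md](./SECURITY.md)` is also missing a comma after `concerns` and a terminal period.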
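Review bot: the new SECURITY.md hunk ends with `\ No newline at end of file`; add the trailing newline so later edits to the last line do not show up as a spurious change. Placing the file at the repository root is the right choice, since GitHub surfaces a root `SECURITY.md` as the repository's security policy, and the body is a verbatim move of the text removed from README.md, so the reporting address and the no-bounty statement are carried over unchanged.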
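Review bot: the CODEOWNERS hunk is right to repeat `@docker/signing` on the `+targets/doi/ @docker/doi @docker/signing` line, because the last matching pattern wins and `targets/doi/ @docker/doi` alone would drop the signing team from reviews of that path; a one-line comment in the file stating that would stop a future edit from removing it. Two smaller points: the file is tracked with mode `100755`, and CODEOWNERS has no reason to carry the executable bit, and the commit message `fix: CODEOWNERS` does not say why ownership of `*` moved from `@docker/supply-chain-security` to `@docker/signing`, which is the kind of change a reader of the history will want explained.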