From 3d26572773a561654fa5821615afd80745bf323b Mon Sep 17 00:00:00 2001
From: Daniel Bevenius <daniel.bevenius@gmail.com>
Date: Fri, 30 Jul 2021 09:23:18 +0200
Subject: [PATCH] doc: add point to ask H1 reporter about credit

This commit updates the security release process document with a bullet
point to ask the HackerOne reporter if they would like to be credited
for reporting the vulnerability. We might also be able to add a question
like this to the HackerOne template when a report is created, but it
would still be good to have this bullet point to remember to include the
information in the security release blog post.

PR-URL: https://github.com/nodejs/node/pull/39585
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
---
 doc/guides/security-release-process.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/doc/guides/security-release-process.md b/doc/guides/security-release-process.md
index 10465c57501328..d3bdcf0e55ac4d 100644
--- a/doc/guides/security-release-process.md
+++ b/doc/guides/security-release-process.md
@@ -21,6 +21,11 @@ information described.
     the date in the slug so that it will move to the top of the blog list.)
   * [ ] pre-release: ***LINK TO PR***
   * [ ] post-release: ***LINK TO PR***
+    * Ask the HackerOne reporter if they would like to be credited on the
+      security release blog page:
+      ```text
+      Thank you to <name> for reporting this vulnerability.
+      ```
 
 * [ ] Get agreement on the planned date for the release: ***RELEASE DATE***