Fix/add security policy #4707
Added a security policy document outlining vulnerability reporting, supported versions, and best practices for self-hosted deployments.
Add SECURITY.md for vulnerability reporting and best practices
Updated comments for generating worker keys.
Thank you for flagging this @Youngyz1. I've gone ahead and fixed this myself on the main branch. A security policy isn't just a document we add to a repo. It has to be part of our organisational process. We already have several layers of security which apply to this repo, including AI audits and notes in the readme. When raising PRs, please try and keep them as small and focused as possible so that it's easy for maintainers to merge them 🙏
Hi Joe,
Thank you again for your kind response on my PR, and for going ahead and
fixing the security policy yourself. Your feedback about keeping PRs small
and focused was genuinely helpful, and it's something I'm actively working
on.
I'll be honest with you: I applied for a role at OpenFn recently and wasn't
successful, but that hasn't dampened my interest in the project or the
mission at all. OpenFn is exactly the kind of work I want to be part of:
open source, real-world impact, and a team that clearly cares about quality.
I'm reaching out to ask if there's any way I could get involved in a more
structured capacity, whether that's an internship, a junior contributor
role, or even just a mentored contribution path. I'm not focused on the
title or the pay. What I'm after is real production experience, working
alongside people who can help me grow.
I'm currently building my skills in full-stack development (React, .NET,
Docker, Kubernetes) and I'm comfortable working independently. I'm based in
Abidjan and available in EU/Africa timezones.
If there's any opportunity, however small, I'd love to explore it. And if
the timing isn't right, I'll keep contributing to the repo regardless.
Thanks for your time, Joe. I really appreciate it.
Best,
Ohia Godwill
On Tue, May 12, 2026 at 10:45 AM Joe Clark ***@***.***> wrote:
*josephjclark* left a comment (OpenFn/lightning#4707)
<#4707 (comment)>
Thank you for flagging this @Youngyz1 <https://github.com/Youngyz1>.
I've gone ahead and fixed this myself on the main branch.
A security policy isn't just a document we add to a repo. It has to be part
of our organisational process. We already have several layers of security
which apply to this repo, including AI audits and notes in the readme
<https://github.com/OpenFn/lightning#security-and-standards>.
When raising PRs, please try and keep them as small and focused as
possible so that it's easy for maintainers to merge them 🙏
Hi @Youngyz1. Thanks for reaching out. I'd love to help but I'm not sure really - we're not in a position to take on contributors right now. Even volunteer work comes with a big cost for the organisation, and you can see from the PR page that we're struggling to keep up with contributions as it is. I'll take a look over the backlog and see if there are some issues that would be suitable for you to volunteer on.
Description
This PR [adds/changes/fixes]... (A description of your work goes here.)
Closes #__
Validation steps
Additional notes for the reviewer
AI Usage
Please disclose whether you've used AI anywhere in this PR (it's cool, we just
want to know!):
You can read more details in our
Responsible AI Policy
Pre-submission checklist
/review with Claude Code)
(e.g.,
:owner, :admin, :editor, :viewer)