Update security policy#211
Open
k9withabone wants to merge 3 commits intomainfrom
Open
Conversation
Added `MAINTAINERS.md` at the request of the Podman maintainers. It contains contact information for reporting security vulnerabilities if the reporter does not have a GitHub account. Signed-off-by: Paul Nettleton <k9@k9withabone.dev>
Changed the security policy at the request of the Podman maintainers to direct security vulnerability reports to the Podlet maintainers. Closes: #183 Signed-off-by: Paul Nettleton <k9@k9withabone.dev>
Member
Author
|
@Luap99 does the new security policy look good to you? I'll copy it over to |
|
|
||
| If you have identified a security vulnerability in the Podlet project, please **do not** report the | ||
| issue publicly via GitHub issues, mailing list, Discord, etc. Instead, use the | ||
| [private security vulnerability reporting](https://github.com/containers/podlet/security) on GitHub |
Member
There was a problem hiding this comment.
This is a bit of a circular loop and just points to this page. Maybe be a bit more explicit? If you take this suggestion, take the line above too. It's a two-for-one deal.
Suggested change
| [private security vulnerability reporting](https://github.com/containers/podlet/security) on GitHub | |
| "Report a vulnerability button on the [private security vulnerability reporting](https://github.com/containers/podlet/security) page on GitHub |
| ## Reporting a Vulnerability | ||
|
|
||
| If you have identified a security vulnerability in the Podlet project, please **do not** report the | ||
| issue publicly via GitHub issues, mailing list, Discord, etc. Instead, use the |
Member
There was a problem hiding this comment.
See next
Suggested change
| issue publicly via GitHub issues, mailing list, Discord, etc. Instead, use the | |
| issue publicly via GitHub issues, mailing list, Discord, etc. Instead, press the |
Member
|
I really like where this is going, just a few suggestions to make it a bit more explicit. |
Changed the wording in `SECURITY.md` and `MAINTAINERS.md` to be more explicit in how to report a vulnerability (press the "Report a vulnerability" button). Signed-off-by: Paul Nettleton <k9@k9withabone.dev>
Member
TomSweeneyRedHat
left a comment
TomSweeneyRedHat
left a comment
There was a problem hiding this comment.
LGTM
TYVM for the changes!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Added
MAINTAINERS.mdwith contact information for the Podlet maintainers.Changed
SECURITY.mdto direct security vulnerability reports to the Podlet maintainers.Closes: #183