x/pkgsite: "Report a Vulnerability" link sends a confusing message #54358

Closed
AlekSi opened this issue Aug 9, 2022 · 4 comments
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done. vulncheck or vulndb Issues for the x/vuln or x/vulndb repo

Comments

@AlekSi
Contributor

AlekSi commented Aug 9, 2022

What is the URL of the page with the issue?

Any third-party package documentation page; for example, https://pkg.go.dev/github.com/pkg/errors.

Screenshots


image


image


What did you do?

  1. Clicked "Report a Vulnerability" link.
  2. Clicked "golang/vulndb" link on top to learn more about vulndb.
  3. Got confused about that part of the README.

What did you expect to see?

Non-contradictory statements.

What did you see instead?

Contradictory statements: pkg.go.dev prompts me to report security vulnerabilities in a repository that (according to README) does not accept them.

@AlekSi AlekSi added the pkgsite label Aug 9, 2022
@gopherbot gopherbot added this to the Unreleased milestone Aug 9, 2022
@AlekSi
Contributor Author

AlekSi commented Aug 9, 2022

/cc @julieqiu

@findleyr
Contributor

CC @jamalc as well.

@jamalc

jamalc commented Aug 29, 2022

The README is out of date. The Report Vulnerability template is live in the golang/vulndb issue tracker. @julieqiu, do you have plans to update it already?

@jamalc jamalc added vulncheck or vulndb Issues for the x/vuln or x/vulndb repo and removed pkgsite labels Aug 29, 2022
@heschi heschi added the NeedsFix The path to resolution is known, but the work has not been done. label Aug 29, 2022
@julieqiu
Member

julieqiu commented Sep 6, 2022

This has been updated. Please contribute away! :)

@julieqiu julieqiu closed this as completed Sep 6, 2022
@julieqiu julieqiu moved this to Done in Go Security Sep 6, 2022
@julieqiu julieqiu modified the milestones: Unreleased, vuln/2022 Sep 6, 2022
@golang golang locked and limited conversation to collaborators Sep 6, 2023