Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

other: Add a Security-Policy #810

Merged
merged 3 commits into from
Apr 27, 2023
Merged

other: Add a Security-Policy #810

merged 3 commits into from
Apr 27, 2023

Conversation

diogoteles08
Copy link
Contributor

Closes #809

I've created the SECURITY.md file following a GitHub's template and considering the report vulnerability through security advisory, which is a handy new GitHub feature still in beta, but has to be enabled.

If you're interested in this feature, it must be activated for the repository:

  1. Click on this link to go to Code security & analysis section on your repo's settings
  2. Click "Enable" for "Private vulnerability reporting (Beta)"

If you rather not use this feature, you can also request users to report vulnerabilities to an email. If that's the case, let me know which email it would be and I can submit the change.

Additionally, feel free to edit or suggest any changes to this document, it is supposed to reflect the amount of effort the team can offer to handle vulnerabilities.

klauspost
klauspost reviewed Apr 26, 2023
View reviewed changes
Copy link
Owner

@klauspost klauspost left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea.

I feel like a clarification on the what a vulnerability is would be appropriate.

SECURITY.md Show resolved Hide resolved
SECURITY.md Outdated Show resolved Hide resolved
diogoteles08 and others added 2 commits April 26, 2023 16:20
@diogoteles08 @klauspost
Add Vulnerability Definition to Security Policy
f2f1576 
Co-authored-by: Klaus Post <klauspost@gmail.com>
@diogoteles08 @klauspost
Asks steps to reproduce the issues on Security Policy
2d687f3 
Add to Security Policy a request to add steps to reproduce the vulnerabilities reported

Co-authored-by: Klaus Post <klauspost@gmail.com>
@diogoteles08
Copy link
Contributor Author

Great suggestions! I have applied them

@klauspost klauspost merged commit 2cf14c4 into klauspost:master Apr 27, 2023
@klauspost klauspost changed the title Add a Security-Policy other: Add a Security-Policy Apr 27, 2023
@klauspost
Copy link
Owner

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@klauspost klauspost klauspost left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add a Security-Policy
2 participants
@diogoteles08 @klauspost