Security reports #392
Comments
|
Let's try the github one and see how it goes. They say "route to the repository owner" so maybe this can even work better for us. |
|
See also the SECURITY.md to add to the .github repo: https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file |
I've looked at this a little and it seems like it might be a bit complicated for our purposes.
This with the nix-community admin email seems like the easiest option for initial reporting. Opened nix-community/.github#3, modified slightly from the Numtide security.md. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://nixos.org/community/teams/security.html
Like the nixos org I suppose we should have a method and some sort of policy for reporting potential security issues with the infra and repos that don't already have their own security reporting or aren't responsive.
Easiest may be taking reports via github itself:
Private vulnerability reporting (beta)Guess an alternative could be encrypted email but we'd probably want a dedicated address that gets forwarded to everyone rather than it potentially being sent directly to one person who isn't responsive.
The text was updated successfully, but these errors were encountered: