Update security md #2798

Merged
merged 8 commits into from
Jun 5, 2024

emmwalsh
Contributor

Updated SECURITY.md file as requested by Nikolay Petrov

@emmwalsh
Contributor Author

@bdmoore1 can you review and approve this please? Thanks

emmwalsh

This comment was marked as off-topic.

bdmoore1
bdmoore1 approved these changes May 22, 2024
Contributor

@bdmoore1 bdmoore1 left a comment

Remove all of the asterisks after Library. The asterisk is to signify a 3rd party brand name. Scikit-learn is a 3rd party brand name, so that's why it was there before. But oneDAL is Intel's brand name so we brand it with (R) and (TM).

SECURITY.md Outdated
* You need help applying security-related updates.
* Your issue is not security-related.

## Security Reports Review Process

We aim to respond quickly to your inquiry and coordinate a fix and
disclosure with you. All confirmed security vulnerabilities will be addressed
according to severity level and impact on Intel(R) Extension for Scikit-learn*. Normally, security issues
are fixed in the next planned release.
according to severity level and impact on Intel(R) oneAPI Data Analytics Library*. Normally, security issues are fixed in the next planned release.
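Review bot: The replacement sentence at the end of this hunk ("according to severity level and impact on Intel(R) oneAPI Data Analytics Library*. Normally, security issues are fixed in the next planned release.") is left as one long line, while the rest of the paragraph is hard-wrapped; rewrap it to match the surrounding lines so later diffs of this paragraph stay small. The trailing asterisk after "Library" also appears to be carried over from the "Scikit-learn*" wording it replaces and should be dropped with the rename.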
Remove the asterisk after Library (*)

SECURITY.md Outdated
@maria-Petrova
Contributor

I'll approve the PR once Ben's comments are addressed.

Update SECURITY.md

removed asterisk
@emmwalsh
Contributor Author

emmwalsh commented May 31, 2024

> I'll approve the PR once Ben's comments are addressed.

Hi @maria-Petrova, I have removed the asterisk and have resolved Ben's comments :)
Can you please review and approve this PR?

@maria-Petrova maria-Petrova merged commit ec0bcd8 into oneapi-src:main Jun 5, 2024
16 checks passed
@rozhukov

Hi @maria-Petrova @emmwalsh, I noticed you've made updates to security.md, which is good. I see a few issues/typos:

  1. Please remove Intel wording from all the text as it's now officially UXL
  2. Link is broken here:
    Report a vulnerability to us in one of two ways:
    Open a draft [GitHub Security Advisory][2]*
  3. Link is broken here:
    Disclosure Policy
    We will publish security advisories using the [GitHub Security Advisories feature][3]

@emmwalsh
Contributor Author

> Hi @maria-Petrova @emmwalsh, I noticed you've made updates to security.md, which is good. I see a few issues/typos:
>
>   1. Please remove Intel wording from all the text as it's now officially UXL
>   2. Link is broken here:
>     Report a vulnerability to us in one of two ways:
>     Open a draft [GitHub Security Advisory][2]*
>   3. Link is broken here:
>     Disclosure Policy
>     We will publish security advisories using the [GitHub Security Advisories feature][3]

Hi @rozhukov should I replace the Intel wording with UXL or just remove the Intel wording with no replacement? Thanks

@rozhukov

> > Hi @maria-Petrova @emmwalsh, I noticed you've made updates to security.md, which is good. I see a few issues/typos:
> >
> >   1. Please remove Intel wording from all the text as it's now officially UXL
> >   2. Link is broken here:
> >     Report a vulnerability to us in one of two ways:
> >     Open a draft [GitHub Security Advisory][2]*
> >   3. Link is broken here:
> >     Disclosure Policy
> >     We will publish security advisories using the [GitHub Security Advisories feature][3]
>
> Hi @rozhukov should I replace the Intel wording with UXL or just remove the Intel wording with no replacement? Thanks

It's up to you. I'd suggest to keep it independent like simply "oneDAL".
Example: https://github.com/oneapi-src/oneDNN/blob/main/SECURITY.md

@emmwalsh
Contributor Author

emmwalsh commented Jul 2, 2024

Hi @rozhukov I have made the changes now but for the third point, do you know what the correct link is or should I just remove the link and not replace it with anything? Thanks!

@rozhukov

rozhukov commented Jul 2, 2024

> Hi @rozhukov I have made the changes now but for the third point, do you know what the correct link is or should I just remove the link and not replace it with anything? Thanks!

just link is broken itself in the markdown

It should lead to the respective "Report vulnerability" button: https://github.com/oneapi-src/oneDAL/security/advisories/new

@emmwalsh
Contributor Author

emmwalsh commented Jul 2, 2024

Hi @rozhukov, thanks so much for that! I have updated the second link now. For the third link under the disclosure policy, do you know what the link should be for [GitHub Security Advisories feature][3]?

Thanks!

@rozhukov

rozhukov commented Jul 2, 2024

> Hi @rozhukov, thanks so much for that! I have updated the second link now. For the third link under the disclosure policy, do you know what the link should be for [GitHub Security Advisories feature][3]?
>
> Thanks!

sure, no problem. It'd be: https://github.com/oneapi-src/oneDAL/security/advisories

@emmwalsh emmwalsh mentioned this pull request Jul 2, 2024