Addition of a security policy SECURITY.md to github.com/peeringdb/peeringdb #1504

Closed
netravnen opened this issue Jan 10, 2024 · 8 comments
@netravnen
Contributor

netravnen commented Jan 10, 2024

Do we want to enable GitHub's functionality to privately report potential code security issues via GitHub?

When reading the docs I am not able to accurately identify any clear publicly available description for how to report potential code security issues to PeeringDB.

Links:

Edit: If we already have a clear channel of communication for the above-mentioned suggestion, please disregard this issue.

@leovegoda
Contributor

We have this: https://docs.peeringdb.com/howto/make-a-security-report/

We should create a SECURITY.md and point it there, I suppose.

@netravnen
Contributor Author

netravnen commented Jan 11, 2024

Summary suggestion:

  1. Create a SECURITY.md file at github.com/peeringdb/.github
  2. Create /.well-known/security.txt on www.PeeringDB.com

Minimal /.well-known/security.txt

# Our security policy
Policy: https://docs.peeringdb.com/howto/make-a-security-report/

@leovegoda leovegoda self-assigned this Jan 11, 2024
@leovegoda leovegoda added this to the 1 Decide milestone Jan 11, 2024
@leovegoda leovegoda added the No code change Fixing the issue will not require touching the code label Jan 11, 2024
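
An added example, not part of the thread or of PeeringDB's code: a small checker for the security.txt format (RFC 9116) proposed above. The RFC requires a Contact field and exactly one Expires field; the Contact address and Expires date in the second sample are constructed placeholders.

```python
from datetime import datetime, timezone

# Fields whose values are URIs; RFC 9116 requires web URIs to use https://.
URI_FIELDS = ("contact", "policy", "encryption", "acknowledgments", "canonical", "hiring")

# The minimal file proposed in the issue.
MINIMAL = """# Our security policy
Policy: https://docs.peeringdb.com/howto/make-a-security-report/
"""

# Constructed sample: the Contact address and Expires date are placeholders.
COMPLETE = MINIMAL + """Contact: mailto:security@example.org
Expires: 2025-01-11T00:00:00Z
"""

def parse_security_txt(text):
    """Return {lowercased field name: [values]}, skipping comments and blank lines."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if sep:
            fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields

def check_security_txt(text, now=None):
    """Return a list of RFC 9116 problems; an empty list means the file passes."""
    now = now or datetime.now(timezone.utc)
    fields = parse_security_txt(text)
    problems = []
    if not fields.get("contact"):
        problems.append("missing required Contact field")
    for name in URI_FIELDS:
        for uri in fields.get(name, []):
            if uri.lower().startswith("http://"):
                problems.append(f"{name} uses http:// instead of https://: {uri}")
    expires = fields.get("expires", [])
    if len(expires) != 1:
        problems.append("Expires must appear exactly once")
    else:
        try:
            when = datetime.fromisoformat(expires[0].upper().replace("Z", "+00:00"))
            if when.tzinfo is None:
                raise ValueError("no UTC offset")
            if when <= now:
                problems.append("Expires date is in the past")
        except ValueError:
            problems.append(f"Expires is not an RFC 3339 timestamp: {expires[0]}")
    return problems
```

Run against the minimal file, the checker reports the missing Contact and Expires fields; the complete sample passes until its Expires date is reached.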
@mcmanuss8
Contributor

+1

@grizz
Member

grizz commented Mar 14, 2024

+1

@jackcarrozzo

PC call: we have the policy so we might as well put it there

+1

@jbartig

jbartig commented Mar 14, 2024

+1

@leovegoda leovegoda modified the milestones: 1 Decide, Next Release Mar 14, 2024
leovegoda added a commit to leovegoda/peeringdb that referenced this issue Mar 14, 2024
peeringdb#1504 agreed at PC meeting
@grizz grizz linked a pull request Mar 21, 2024 that will close this issue
@grizz grizz removed a link to a pull request Mar 21, 2024
@grizz
Member

grizz commented Mar 21, 2024

This still needs ops work to add the .well-known/security.txt file

@grizz grizz added the Operations Operations Committee label Mar 21, 2024
grizz added a commit that referenced this issue Mar 21, 2024
* Add security policy

#1504 agreed at PC meeting

* Update .well-known-security.txt

---------

Co-authored-by: Matt Griswold <grizz@20c.com>
@leovegoda
Contributor

Completed via #1567
