SECURITY.md: use github vuln reporting tool #1412

Merged
merged 1 commit into from
Aug 23, 2023

Member

@ctz ctz commented Aug 22, 2023

We have a mailing list for this. But, the first time that was used for real, it didn't go very well:

  • the report and a follow-up went into spam. A private Google Group delivering to Gmail -- you'd think this would work well, but it did not.
  • there was only me in the group.

GitHub now has a "private vulnerability reporting" feature that should be better for getting reports to the right people quickly. Let's try that?

Member

@djc djc left a comment

Same for webpki?

codecov bot commented Aug 22, 2023

Codecov Report

Merging #1412 (97158f2) into main (f65b116) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #1412   +/-   ##
=======================================
  Coverage   96.33%   96.33%           
=======================================
  Files          66       66           
  Lines       14860    14860           
=======================================
  Hits        14316    14316           
  Misses        544      544           

@ctz ctz added this pull request to the merge queue Aug 23, 2023
Merged via the queue into main with commit 6e9a61f Aug 23, 2023
39 checks passed
@ctz ctz deleted the ctz-patch-1 branch August 23, 2023 08:21
Member

cpu commented Aug 24, 2023

This seems like a really good idea. Thank you
