Create SECURITY.md #108
To give people instructions for responsibly reporting security vulnerabilities in our project. This is a default template and can be edited to fit our needs.
Codecov Report
@@ Coverage Diff @@
## development #108 +/- ##
==========================================
Coverage 0% 0%
==========================================
Files 17 17
Lines 123 123
Branches 2 2
==========================================
Misses 123 123
Continue to review full report at Codecov.
@anthonyLuttrell What's your opinion on adding this?
Are we planning on having features where this would be required? Or is it something that might be required even with our game? I'm aware it's frowned upon not to add this one, but I'm just not sure which kinds of projects this is applicable to.
Well maybe but if this prevents a hack
@alexdqmf this is just a suggestion however.
Could you perhaps fill out SECURITY.MD? I agree that we should have a file on security, if only for the fact that there's no reason not to, but it seems rather pointless to just merge a template. The whole thing doesn't have to be done at once, but even adding basic secure coding tips would be good.
While a bug_report.md can get away with being somewhat inaccurate or untrue to the real situation, SECURITY.md is very likely to outright contradict what we have. This isn't good at all.
It isn't good to the point that it's better to have no SECURITY.md at all than one that's wrong.
I don't see the point in adding this as well.
Ok so are we saying that we are against the idea of this or just that this template needs to be edited?
What would we write, if we decided to edit it?
True, I'm not sure what we'd write as I haven't been able to find a great example besides doing a cursory search and finding these two: https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md, https://github.com/apache/storm/blob/master/SECURITY.md, and
What's important is that neither of the repositories you linked deals with offline-only, entertainment-only products.
Ok so I'll close this pull request and the issue with it.
This will close #109 and this pull request
Resolves #109