[Vulnerability reporting] How reporting security issues is set up now #34
webknjaz
announced in
Announcements
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I wanted to talk about how people can report security problems. Some time ago, I made https://github.com/aio-libs/.github/blob/master/SECURITY.md that shows up in all repositories in the org that don't have own
SECURITY.md
.It mentions a shared e-mail that has everything forwarded to Andrew and me. It also suggests that it's used as the last resort with the preference of using GitHub's private security vulnerability. Earlier, not all repos had that enabled, so I made sure to enable this feature.
cc @achimnol @bdraco @Dreamsorcerer @hellysmile @jettify @mjpieters @Nothing4You @pohmelie @samuelcolvin @aio-libs/admins
Beta Was this translation helpful? Give feedback.
All reactions