Determining what our security policy should be for our repository #79
Comments
I agree, we should do that. I have no strong opinion on the process. Do you have a preference?
@gr2m - No hard preference. That will open up a new template to create a I wonder if there's another repo in the
Maybe we can utilize the "Private vulnerability reporting" feature, and link to that from SECURITY.md?
@gr2m Makes sense! Reading the docs:
I don't have those privileges; if/when you choose to enable it, I can link to it from the
Cut a draft PR to get the ball rolling: #92
🎉 This issue has been resolved in version 5.0.0 🎉 The release is available on: Your semantic-release bot 📦🚀
Summary
Open Source Guides shares a number of recommended community standards, including adding a security policy.
I think it would be great if we can consider adding a real SECURITY.md file that gives people instructions for reporting security vulnerabilities in our project, if/when ever they should come up.

cc: @gr2m for triage 🎫