Should security disclosure page maybe mention rustsec ? #1712

Open
SamB opened this issue Sep 10, 2022 · 0 comments
Labels
A-Content The written content on the website. C-Bug Something isn't working.


SamB commented Sep 10, 2022

What needs to be fixed?

First of all: I do not have a vulnerability to report, I was just poking around crates.io and happened to notice that https://crates.io/crates/dwarf didn't have a nice warning box pointing out that the author has abandoned that project in favor of gimli (see https://github.com/philipc/rust-dwarf#readme for the notice, it's at the very beginning of the README), and thought "wasn't there a security tracking database that ought to have an entry about this?", so started clicking links until I found myself at https://www.rust-lang.org/policies/security ... but that clearly was not what I wanted, because I'm not trying to report some hidden vulnerability, just add a publicly posted deprecation to a database ...

Anyway, I was actually looking for rustsec.org and their database.

Page(s) Affected

https://www.rust-lang.org/policies/security

Suggested Improvement

Link to rustsec; describe when it's okay to report things in public and when to report them to security@.
