This repository was archived by the owner on Apr 20, 2025. It is now read-only.
docs: Addition of a Security Policy #225
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
I did this because some projects use a README section named "Security" to disclose the same infos that we're disclosing on the Security Policy. After this change they'd be correctly redirected.
Owner
|
Thanks! Much appreciated, really.
That's certainly interesting. I appreciate any help on this project, and responsibly dealing with security issues is an important one. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #224
I've created the SECURITY.md file following a GitHub's template and considering that you'd request that users report vulnerabilities through the same email you pointed on the issue #161.
I'd also recommend that you check out the Github feature of the security advisory, which would allow users to confidentially report vulnerabilities directly on Github. They would be guided by a template and the reported issues would be accessible by any maintainers on Github. If you have interest, I'm available to help enable it and change the Security Policy to mention it.
Additionally, feel free to edit or suggest any changes to this document, it is supposed to reflect the amount of effort you and your team can offer to handle vulnerabilities.