Add security contact information #10
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -67,4 +67,6 @@ requested and approved by the OpenELA TSC on a per-individual basis. | |
|
|
||
| ## Contacting the OpenELA TSC | ||
|
|
||
| The TSC can be contacted via the email address: [[email protected]](mailto:[email protected]) | ||
| GPG public key available upon request. | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| # Reporting OpenELA Security Vulnerabilities | ||
|
|
||
| ## Reporting Security Issues | ||
| Please report security issues to the Technical Steering Committee. | ||
| https://github.com/openela/governance/tree/main/TSC#contacting-the-openela-tsc | ||
|
|
||
| We encourage the use of GPG encrypted email. | ||
|
There was a problem hiding this comment. Fine. I wonder if we could simply use the GitHub builtin vulnerability reporting instead? Would allow collaboration on issues. There was a problem hiding this comment. That would probably work assuming the TSC gets notified. The one complication is that we'd be directing folks to use a specific repository (the issues repository, which doesn't exist yet) rather than allowing issues everywhere in openela-main, and that would prevent the private-issues-reporting tool from creating forks (since it'd be a different repository). |
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: missing dot at the end of the line
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i'll respin this PR without modifying that line