Add Support and Security metadata pages #1
You can submit any security issue or suspected vulnerability | ||
on the GitHub Security pages of the project. |
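Review bot: "the GitHub Security pages of the project" gives a reporter no link and does not say whether the report will be private. Suggest linking directly to the repository's Security tab and stating that suspected vulnerabilities should not be filed as public issues.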
I feel like I'm missing something here. I would expect [email protected]
here. Or is there a way to have some kind of "private issues" in GitHub for security?
Turns out we can turn on private issue reporting for vulnerabilities
https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository
Nice! TIL.
It is something we should add to the project onboarding checklist IMHO.
But yeah, it becomes a useful thing for small projects
Raised GradleUp/gradleup.github.io#2 for now
GradleUp is a community driven project, | ||
most of contributors and maintainers invest their personal time. | ||
We do not guarantee a response or resolution | ||
time for the submitted issues. | ||
As it is written in the Apache License v2: |
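Review bot: "most of contributors and maintainers invest their personal time" is ungrammatical; suggest "most contributors and maintainers invest their personal time", and hyphenate "community-driven". Since the text says no response or resolution time is guaranteed for submitted issues, it would help to state whether the same applies to vulnerability reports so reporters know what to expect.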
👍
Co-authored-by: Martin Bonnin <[email protected]>
Merging to kick-off the site
No description provided.