RFC: Create SECURITY.md #26
Labels
Comments
2 tasks
|
Wed probably want to add one page on the website project, add a security.md file that references our central policies. One problem we have is the email and domain is owned by former maintainers so we have limited ability to create new aliases where we are able to get prompt responses from. |
|
I'm actually thinking maybe something like https://gitreports.com/ and posting to a private Security repository.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Currently there is no way for people to report security vulnerabilities in any of the ReactiveUI packages.
Describe the solution you'd like
Add a SECUTIRY.md file as suggested by GitHub that lists versions that will get security patches and a way for people to securely send reports.
Describe suggestions on how to achieve the feature
I recommend creating a publishing a PGP key for someone to encrypt their communications before reporting them to us via [email protected]. They can then be discussed as an advisory in the repository's security section. Sample: dotnet/corefx
Additional context
https://github.com/features/security
The text was updated successfully, but these errors were encountered: