Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create a dedicated security policy file #2303

Closed
wants to merge 1 commit into from

Conversation

pnacht
Copy link

@pnacht pnacht commented Sep 4, 2023

Summary

Description

This PR moves the information on how to disclose security vulnerabilities from CONTRIBUTING.md to a dedicated SECURITY.md file.

The new policy also adds some instructions on relevant information to be passed along with the vulnerability report. If there's anything you want to change, let me know!

Comment on lines -19 to -21
* To report a **security vulnerability**, use the
[Tidelift security contact](https://tidelift.com/security).
Tidelift will coordinate the fix and the disclosure of the reported problem.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think it's harmful to have this info here as well. Or, at the very least the policy should be mentioned and linked to from the README. (IMHO.)

@pnacht
Copy link
Author

pnacht commented Nov 17, 2023

Hey, let me know if this is something you're interested in. If not, feel free to close!

@giampaolo
Copy link
Owner

I added a SECURITY.md file some time ago, but thanks for opening this. Closing it out.

@giampaolo giampaolo closed this Mar 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Create a dedicated security policy file
3 participants