Ergonomic, hermetic, user-friendly software build system for Python, Go, Java, Kotlin, Protobuf, Scala, Shell. Pants lets you fearlessly scale up your codebase!

Pants

Hey I'm going through Linux Foundation class on secure software development. They recommend OSS projects have a top-level `SECURITY.md` file for how people should report vulnerabilities. Thoughts on formalizing our process?

The only precedent I see is <https://github.com/pantsbuild/pants/issues/11933>, where we direct a user to email <mailto:pantsbuild@gmail.com|pantsbuild@gmail.com>

We could simply formalize that. Or, create a dedicated e.g. Google group that mirrors our Code of Conduct. That is, multiple people can be in the group

Without how much people reach out on slack for literally everything else. Seems to me if someone did want to report something they'd just ask here where to report it

Someone shouldn't need to create a slack account just to report a security issue though.