Hey I'm going through Linux Foundation class on se...
# development
Hey I'm going through Linux Foundation class on secure software development. They recommend OSS projects have a top-level
file for how people should report vulnerabilities. Thoughts on formalizing our process?
👍 3
The only precedent I see is https://github.com/pantsbuild/pants/issues/11933, where we direct a user to email pantsbuild@gmail.com We could simply formalize that. Or, create a dedicated e.g. Google group that mirrors our Code of Conduct. That is, multiple people can be in the group
Without how much people reach out on slack for literally everything else. Seems to me if someone did want to report something they'd just ask here where to report it
Someone shouldn't need to create a slack account just to report a security issue though.
☝️ 1