Re: [systemd-devel] GithHub / private repos
If we're actually discussing private repos for reporting security issues then Github product is not helpful. It seems that most of the projects use private mailing lists for that. For example, Linux kernel has secur...@kernel.org and another one for coordination with distributions - more details here https://www.kernel.org/doc/html/v4.18/admin-guide/security-bugs.html So I think something like systemd-secur...@lists.freedesktop.org is the way to go. Alex On Sat, Jan 26, 2019 at 3:42 PM Lennart Poettering wrote: > > On Di, 15.01.19 21:21, Alex Dzyoba (a...@dzyoba.com) wrote: > > > When you create a new organization you can choose "Team For Open > > Source" plan. Here is the link > > https://github.com/account/organizations/new > > > > Though, I don't know if it's possible to upgrade the existing systemd > > organization, sorry. Maybe it's possible to contact github support to > > ask for this. > > So I had a closer look at this, and found this: > > https://help.github.com/articles/github-s-products/ > > IIUC "GitHub Team for Open Source" doesn't actually add anything we > need. Because what we need would actually be the ability for arbitrary > people (i.e. not people who necessarily are members of our systemd > team on github) to send us private PRs and issues in order to handle > security issues. > > It appears to me that plan does not provide the core need we have: > allow those random folks from the Internet to report security issues > in privacy to us... Or what am I missing? > > Lennart > > -- > Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] GithHub / private repos
When you create a new organization you can choose "Team For Open Source" plan. Here is the link https://github.com/account/organizations/new Though, I don't know if it's possible to upgrade the existing systemd organization, sorry. Maybe it's possible to contact github support to ask for this. -- Alex On Mon, Jan 14, 2019 at 7:19 PM Lennart Poettering wrote: > > On Fr, 11.01.19 13:57, Alex Dzyoba (a...@dzyoba.com) wrote: > > > Team plan with unlimited private repos and unlimited collaborators is free > > for open source teams. > > Where do we request that? > > Lennart > > -- > Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] GithHub / private repos
Team plan with unlimited private repos and unlimited collaborators is free for open source teams. On Wed, Jan 9, 2019 at 11:41 PM Michael Biebl wrote: > > Am Mi., 9. Jan. 2019 um 21:24 Uhr schrieb Michael Biebl : > > > > https://blog.github.com/2019-01-07-new-year-new-github/ > > > > might be of interest given the recent discussions how to handle security issues. > > Answering to myself: With the restriction of 3 developers per private > repository, it's probably not particularly useful for this case. > > Too bad :-/ > -- > Why is it that all of the instruments seeking intelligent life in the > universe are pointed away from Earth? > ___ > systemd-devel mailing list > systemd-devel@lists.freedesktop.org > https://lists.freedesktop.org/mailman/listinfo/systemd-devel ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
