[ALL] Security tab on GitHub

2020-08-22 Thread Gary Gregory
Hi All, You may have noticed (or not) that GitHub has a Security [1] tab for our repositories. On this tab, you can define a Security Policy [2] in a SECURITY.md (just like we have a README.md). I would like to fill this in with the same text we now have here: https://commons.apache.org/security.

Re: [ALL] Security tab on GitHub

2020-08-22 Thread Melloware
+1 this is a fantastic idea Gary. On 8/22/2020 9:26 AM, Gary Gregory wrote: Hi All, You may have noticed (or not) that GitHub has a Security [1] tab for our repositories. On this tab, you can define a Security Policy [2] in a SECURITY.md (just like we have a README.md). I would like to fill th

Re: [ALL] Security tab on GitHub

2020-08-22 Thread Gary Gregory
Actually, maybe our build plugin can generate this page like it generates others like README.md... Gary On Sat, Aug 22, 2020 at 9:26 AM Gary Gregory wrote: > Hi All, > > You may have noticed (or not) that GitHub has a Security [1] tab for our > repositories. On this tab, you can define a Securi

Re: [ALL] Security tab on GitHub

2020-08-22 Thread Gary Gregory
Here is a first cut: https://github.com/apache/commons-io/security/policy This is pretty much a copy of https://commons.apache.org/security.html with an extra link, a spelling fix, and slightly different formatting. Gary On Sat, Aug 22, 2020 at 9:32 AM Gary Gregory wrote: > Actually, maybe o

Re: [ALL] Security tab on GitHub

2020-08-22 Thread Gilles Sadowski
Hi. 2020-08-22 15:26 UTC+02:00, Gary Gregory : > Hi All, > > You may have noticed (or not) that GitHub has a Security [1] tab for our > repositories. On this tab, you can define a Security Policy [2] in a > SECURITY.md (just like we have a README.md). > > I would like to fill this in with the same

Re: [ALL] Security tab on GitHub

2020-08-22 Thread Gary Gregory
Two items: (1) security is different because, well, it seems obvious to me that anything security related should be as accessible as possible as opposed to going through an extra hoop and (2) making/keeping our GitHub presence a first class citizen in how we put a face on the project. Gary On Sat

Re: [ALL] Security tab on GitHub

2020-08-22 Thread Gilles Sadowski
2020-08-22 16:40 UTC+02:00, Gary Gregory : > Two items: (1) security is different from what? > because, well, it seems obvious to me > that anything security related should be as accessible as possible as > opposed to going through an extra hoop YMMV, but IMHO the (unique) "source of truth" is o

Re: [ALL] Security tab on GitHub

2020-08-22 Thread Rob Tompkins
I don’t see any harm having more documentation. It’s kinda like the Apple philosophy of trying to make everything that someone would think of doing on a computer, actually work like they think it would…right? The more intuitive we can make things the better we will end up being, I would think.

Re: [ALL] Security tab on GitHub

2020-08-22 Thread Gilles Sadowski
2020-08-22 16:02 UTC+02:00, Gary Gregory : > Here is a first cut: > > https://github.com/apache/commons-io/security/policy And here is my suggestion: https://github.com/apache/commons-rng/security/policy YMMV, Gilles > [...] --

Re: [ALL] Security tab on GitHub

2020-08-22 Thread sebb
On Sat, 22 Aug 2020 at 17:13, Gilles Sadowski wrote: > > 2020-08-22 16:02 UTC+02:00, Gary Gregory : > > Here is a first cut: > > > > https://github.com/apache/commons-io/security/policy Why does IO have links to Known Vulnerabilities for Compress, Collections etc, but not IO? > And here is my su

Re: [ALL] Security tab on GitHub

2020-08-22 Thread Gary Gregory
On Sat, Aug 22, 2020 at 4:50 PM sebb wrote: > On Sat, 22 Aug 2020 at 17:13, Gilles Sadowski > wrote: > > > > 2020-08-22 16:02 UTC+02:00, Gary Gregory : > > > Here is a first cut: > > > > > > https://github.com/apache/commons-io/security/policy > > Why does IO have links to Known Vulnerabilities

Re: [ALL] Security tab on GitHub

2020-08-22 Thread sebb
On Sat, 22 Aug 2020 at 23:45, Gary Gregory wrote: > > On Sat, Aug 22, 2020 at 4:50 PM sebb wrote: > > > On Sat, 22 Aug 2020 at 17:13, Gilles Sadowski > > wrote: > > > > > > 2020-08-22 16:02 UTC+02:00, Gary Gregory : > > > > Here is a first cut: > > > > > > > > https://github.com/apache/commons-i

Re: [ALL] Security tab on GitHub

2020-08-22 Thread Bruno P. Kinoshita
Might be easier to have a simpler page with the link as Gilles suggested. But +1 to the idea of showing users in GitHub too how to report security issues. Bruno On Sunday, 23 August 2020, 4:13:10 am NZST, Gilles Sadowski wrote: 2020-08-22 16:02 UTC+02:00, Gary Gregory : > Her