Closed gabibguti closed 4 months ago
Hi Gabriela,
Yes, good idea. Feel free to open a PR about this.
On Sat, Jun 3, 2023 at 5:31 AM Gabriela Gutierrez @.***> wrote:
Adding a Security Policy is important to provide guidance on how users can report potential vulnerabilities and communicate when vulnerabilities will be confirmed, fixed and disclosed to the public.
This is considered a good-practice and recommended by Github https://docs.github.com/en/code-security/getting-started/securing-your-repository#setting-a-security-policy and Scorecard https://github.com/ossf/scorecard.
If you agree, I can open a PR to suggest a Security Policy! We can then work together to communicate how the repo can best handle vulnerability reports. Additional Context
Hi! I'm Gabriela and I work on behalf of Google and the OpenSSF suggesting supply-chain security changes :)
— Reply to this email directly, view it on GitHub https://github.com/PythonCharmers/python-future/issues/620, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAATD2UKHNPX5AMUJTOVR5DXJI5QPANCNFSM6AAAAAAYYWWFJI . You are receiving this because you are subscribed to this thread.Message ID: @.***>
-- Dr. Edward Schofield Python Charmers +61 (0)405 676 229 http://pythoncharmers.com
I dont kno if i did this right are not i was just trying to see my emails go to the right inbox thanks😄
Adding a Security Policy is important to provide guidance on how users can report potential vulnerabilities and communicate when vulnerabilities will be confirmed, fixed and disclosed to the public.
This is considered a good-practice and recommended by Github and Scorecard.
If you agree, I can open a PR to suggest a Security Policy! We can then work together to communicate how the repo can best handle vulnerability reports.
Additional Context
Hi! I'm Gabriela and I work on behalf of Google and the OpenSSF suggesting supply-chain security changes :)