astropy / astropy-project

Documents and policies regarding the Astropy Project as a whole.
Creative Commons Attribution 4.0 International

How to handle security reports #359

Open pllim opened 1 year ago

pllim commented 1 year ago

There is a need to:

  1. Have a formal chain of communication when a report comes in. Not everyone watches GitHub, etc. Who needs to know?
  2. Update https://github.com/astropy/astropy/blob/main/SECURITY.md with any addition to the policy. Would be nice to tell people that they can open a PR but be discreet about it or whatever.

p.s. I wonder if we can emulate some from https://www.python.org/dev/security/

dhomeier commented 1 year ago

p.s. I wonder if we can emulate some from https://www.python.org/dev/security/

May be the way to go; apparently Jupyter has set up something similar.