bitcoin-core / bitcoincore.org

Bitcoin Core project website
https://bitcoincore.org/
MIT License
600 stars 471 forks

security email: discourage use #760 #789

Closed RandyMcMillan closed 2 years ago

RandyMcMillan commented 3 years ago

[Image: Screen Shot 2021-08-04 at 10 21 54 PM]

RandyMcMillan commented 3 years ago

Open to suggestions - I just wanted to post something to prompt discussion.

TheBlueMatt commented 3 years ago

Honestly we could just drop the email alias on the website and put it on GitHub only, then link more strongly to the GitHub on the contact page?

Zero-1729 commented 3 years ago

Agree, hopefully that would solve the spamming issue, assuming those who would see it on GitHub won't still email it for support.

Alternatively, if dropping the email alias from the site is too destructive a change, the security disclosure bit could be left the way it currently is on the site (small and easy to miss). The Stack Exchange can be left in bold, as someone desperately seeking help would likely be in a rush for answers and the large community support message in this PR would catch their attention first (which is good). However, seeing another large message for security disclosure might cause them to consider that as an option for getting support as well (even despite the "not for support" message, people are just funny like that).

Regardless, I'd prefer just dropping it from the site and moving it to GitHub only as suggested above.

harding commented 3 years ago

@TheBlueMatt

> Honestly we could just drop the email alias on the website and put it on GitHub only, then link more strongly to the GitHub on the contact page?

I'm happy to merge any changes wanted by the people on the list, but if moving the disclosure information to a different URL is something you think would work, we could just move it to a different page on the site.

TheBlueMatt commented 3 years ago

Oops, to clarify, I’m not advocating moving security disclosure to GitHub issues, I’m suggesting that the only mention of the security disclosure alias be on GitHub issue default text or other similar. It’s just an idea and I’m not on that alias anymore so I can’t speak for anyone :).

On Aug 23, 2021, at 06:15, David A. Harding @.***> wrote:

> @TheBlueMatt
>
>> Honestly we could just drop the email alias on the website and put it on GitHub only, then link more strongly to the GitHub on the contact page?
>
> I'm happy to merge any changes wanted by the people on the list, but if moving the disclosure information to a different URL is something you think would work, we could just move it to a different page on the site.


laanwj commented 3 years ago

Concept ACK. Thank you for working on this. I think this is a good solution to further discourage use of the alias for technical support, that it's only for reporting security issues.

> Alternatively, if dropping the email alias from the site is too destructive a change, the security disclosure bit could be left the way it currently is on the site (small and easy to miss).

Agree, no need to make the "responsible disclosure" part big. People who find security issues tend to be good at finding semi-hidden links too :smile:

RandyMcMillan commented 3 years ago

0aeee59

[Image: Screen Shot 2021-09-17 at 1 33 02 AM]

RandyMcMillan commented 3 years ago

ee2884d

[Image: Screen Shot 2021-09-17 at 1 40 37 AM]

RandyMcMillan commented 3 years ago

1a12a84

[Image: Screen Shot 2021-09-17 at 1 47 10 AM]

RandyMcMillan commented 3 years ago

197d098

[Image: Screen Shot 2021-09-17 at 1 48 50 AM]

RandyMcMillan commented 3 years ago

dea9847

[Image: Screen Shot 2021-09-17 at 1 50 18 AM]

RandyMcMillan commented 3 years ago

Here are a few variations to cherry-pick from...

harding commented 2 years ago

Tested ACK dea98475b78ea9fa115bc81634218e9876115adf. I think the current commit tip is one of the better options, and there's no need to delay this further---we can always tweak things again later.

Thanks @RandyMcMillan for working on this and for providing multiple options!