blitz-js / blitzjs.com

Website & docs
https://blitzjs.com
MIT License

Instructions for how to report a security vulnerability #271

Open MrLeebo opened 3 years ago

MrLeebo commented 3 years ago

Despite our best efforts, it's likely that a security vulnerability will be discovered by a non-contributor out in the wild. It would be good to have a page instructing them how to best report the issue so that it can be resolved. I imagine that a lot of security issues can be reported as basic GitHub issues, but I believe we need to allow for the possibility of an exploit that is so dangerous that it would be better not to publish it until after we have a fix in place.

flybayer commented 3 years ago

Good idea!

For now, probably the best is to email me directly.

duke-m commented 1 year ago

I recommend https://securitytxt.org, it's easy to set up and maintain, gives a certain level of standardization and security (when obeying the usual rules when generating, maintaining and revoking keys).
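The security.txt format suggested above is specified in RFC 9116, and the most common mistakes in deployed files are a missing or stale Expires field, a bare email address instead of a mailto: URI, and a misspelled field name. The following is an added example, not code from the Blitz.js project or from anyone in this thread: a small builder and validator for the format, so a maintainer can generate the file and check it before publishing. Every address, URL and date in it is constructed for illustration; the set of known fields is limited to those defined in RFC 9116.

```javascript
// Added example, not code from the Blitz.js project or from this thread.
// Builder and validator for security.txt as specified by RFC 9116.
// Assumptions: only the fields defined in RFC 9116 are "known"; all sample
// contacts, URLs and dates below are constructed for illustration.

const KNOWN_FIELDS = new Set([
  "acknowledgments", "canonical", "contact", "encryption", "expires",
  "hiring", "policy", "preferred-languages",
]);
const REQUIRED_FIELDS = ["contact", "expires"];
const SINGLE_VALUED = ["expires", "preferred-languages"];
// RFC 3339 date-time (upper-case T/Z only, which Date.parse accepts reliably).
const RFC3339 = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})$/;

// Parse "Field: value" lines into a Map of lowercased field name -> [values].
// Comments and blank lines are skipped. An OpenPGP cleartext signature wrapper
// is tolerated: the "Hash:" armor header is not treated as a field, and nothing
// after "-----BEGIN PGP SIGNATURE-----" is read.
function parseSecurityTxt(text) {
  const fields = new Map();
  const errors = [];
  let inArmorHeader = false;
  let signed = false;
  const lines = text.split(/\r?\n/);
  for (let i = 0; i < lines.length; i++) {
    const line = lines[i].trim();
    if (line === "-----BEGIN PGP SIGNED MESSAGE-----") { signed = true; inArmorHeader = true; continue; }
    if (line === "-----BEGIN PGP SIGNATURE-----") break;
    if (inArmorHeader) { if (line === "") inArmorHeader = false; continue; }
    if (line === "" || line.startsWith("#")) continue;
    const m = /^([A-Za-z-]+):\s*(\S.*)$/.exec(line);
    if (!m) { errors.push(`line ${i + 1}: expected "Field: value"`); continue; }
    const name = m[1].toLowerCase();
    if (!fields.has(name)) fields.set(name, []);
    fields.get(name).push(m[2].trim());
  }
  return { fields, errors, signed };
}

// Check the rules a reporter relies on. `now` is injectable for reproducible checks.
function validateSecurityTxt(text, now = new Date()) {
  const { fields, errors, signed } = parseSecurityTxt(text);
  const warnings = [];
  for (const f of REQUIRED_FIELDS) if (!fields.has(f)) errors.push(`missing required field: ${f}`);
  for (const f of SINGLE_VALUED) if ((fields.get(f) || []).length > 1) errors.push(`field must appear at most once: ${f}`);
  for (const f of fields.keys()) if (!KNOWN_FIELDS.has(f)) warnings.push(`unknown field: ${f}`);
  for (const c of fields.get("contact") || []) {
    // Contact values are URIs: mailto:, tel:, or an https:// URL; plain http is not allowed.
    if (/^http:/i.test(c)) errors.push(`contact web URL must use https: ${c}`);
    else if (!/^(mailto|tel|https):/i.test(c)) errors.push(`contact is not a mailto:/tel:/https: URI: ${c}`);
  }
  const expires = (fields.get("expires") || [])[0];
  if (expires !== undefined) {
    const t = RFC3339.test(expires) ? Date.parse(expires) : NaN;
    if (Number.isNaN(t)) errors.push(`expires is not an RFC 3339 date-time: ${expires}`);
    else if (t <= now.getTime()) errors.push(`file expired on ${expires}; reporters should not trust it`);
    else if (t - now.getTime() > 365 * 86400000) warnings.push("expires is more than a year away; the RFC recommends less");
  }
  if (signed && !fields.has("canonical")) warnings.push("signed file should carry a Canonical field");
  return { valid: errors.length === 0, errors, warnings, fields };
}

// Emit a file body. `expires` must be an RFC 3339 date-time string.
function buildSecurityTxt({ contacts, expires, canonical, encryption, policy, acknowledgments, preferredLanguages }) {
  const out = ["# security.txt, see https://securitytxt.org and RFC 9116"];
  for (const c of contacts) out.push(`Contact: ${c}`);
  out.push(`Expires: ${expires}`);
  if (canonical) out.push(`Canonical: ${canonical}`);
  if (encryption) out.push(`Encryption: ${encryption}`);
  if (policy) out.push(`Policy: ${policy}`);
  if (acknowledgments) out.push(`Acknowledgments: ${acknowledgments}`);
  if (preferredLanguages) out.push(`Preferred-Languages: ${preferredLanguages.join(", ")}`);
  return out.join("\n") + "\n";
}

// Constructed sample with the usual mistakes: bare address, plain http,
// stale and duplicated Expires, and a British spelling the RFC does not define.
const BROKEN_EXAMPLE = [
  "Contact: security@example.com",
  "Contact: http://example.com/security",
  "Expires: 2020-01-01T00:00:00Z",
  "Expires: 2021-01-01T00:00:00Z",
  "Preferred-Languages: en, de",
  "Acknowledgements: https://example.com/hall-of-fame",
].join("\n") + "\n";

// Stand-alone demo: a file that expires in 180 days, then the broken sample.
const inSixMonths = new Date(Date.now() + 180 * 86400000).toISOString().replace(/\.\d{3}Z$/, "Z");
const demoFile = buildSecurityTxt({
  contacts: ["mailto:security@example.com"],
  expires: inSixMonths,
  canonical: "https://example.com/.well-known/security.txt",
  preferredLanguages: ["en"],
});
console.log(demoFile);
console.log(validateSecurityTxt(demoFile));
console.log(validateSecurityTxt(BROKEN_EXAMPLE));
```

Serve the generated body at /.well-known/security.txt over HTTPS, keep Expires under a year out and renew it on a calendar, and if the file is PGP-signed include a Canonical field so a copy found elsewhere can be recognised as misplaced.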