elevran
commented
1 month ago Not sure we want vulnerabilities reported as normal issues. Need to research what options are available so they can be fixed before disclosed publicly (e.g., maintainers mailing list)
Given that we are in the alpha stage, I think this would suffice. When we are out of alpha stage, it would be valuable to revise this process as security vulnerabilities may need to be handled differently than other enhancements/bugs/comments.