mmdriley
commented
4 months ago It seems like we could disable it for for the llvm-project repo: docs link
Another option I considered was to change the template for security advisories in llvm-project to point people to llvm-security-repo, but unfortunately that doesn't appear to be supported by GitHub at the moment: feature request
The security "tab" exists on both the llvm-project repo and the llvm-security-repo. It may well also exist on other repositories in the LLVM github organization.
All of the LLVM security issues for all of the repositories from now on get reported under the llvm-security-repo, and all advisories will be visible only at https://github.com/llvm/llvm-security-repo/security/advisories.
Currently, the security tab on the llvm-project repo is enabled. There are a number of functionalities under this tab, including security advisories, dependabot results, and more, see screenshot below. Would it be possible to remove or disable the "advisories" tab under the "security tab" for the llvm-project repo? Or alternatively, make it a forwarding link to the advisories in the llvm-security-repo repo? That would likely help people to find the advisories and be less confused about where to find them.
@llvm/llvm-security-group @tstellar