openedx / wg-security

A repo to keep public issues related to Security Working Group Work

Check the wiki & codebase for mentions of security@edx.org/@tcril.org and update it to security@openedx.org #15

Closed feanil closed 1 year ago

feanil commented 1 year ago

Also update any mentions of security@tcril.org to security@openedx.org

As of 2023-03-10, this includes in our codebases:

% allgit - grep "security@tcril.org" | allgit2tsv
course-discovery    README.rst:Please do not report security issues in public. Please email security@tcril.org.
edx-ace README.rst:Please do not report security issues in public. Please email security@tcril.org.
edx-cookiecutters   python-template/{{cookiecutter.placeholder_repo_name}}/README.rst:Please do not report security issues in public. Please email security@tcril.org.
edx-developer-docs  README.rst:Please do not report security issues in public. Please email security@tcril.org
edx-enterprise-subsidy-client   README.rst:Please do not report security issues in public. Please email security@tcril.org.
edx-rest-api-client README.rst:Please do not report security issues in public. Please email security@tcril.org.
enterprise-subsidy  README.rst:Please do not report security issues in public. Please email security@tcril.org.
event-bus-redis README.rst:Please do not report security issues in public. Please email security@tcril.org.
frontend-app-learner-record README.rst:Please do not report security issues in public. Please email security@tcril.org.
openedx-events  README.rst:Please do not report security issues in public. Please email security@tcril.org.
openedx-filters README.rst:Please do not report security issues in public. Please email security@tcril.org.
openedx-ledger  README.rst:Please do not report security issues in public. Please email security@tcril.org.
token-utils README.rst:Please do not report security issues in public. Please email security@tcril.org.
xapi-db-load    README.rst:Please do not report security issues in public. Please email security@tcril.org.
xblock-lti-consumer README.rst:Please do not report security issues in public. Please email security@tcril.org.
xblock-skill-tagging    README.rst:Please do not report security issues in public. Please email security@tcril.org.

Reasoning

Any security issues with the Open edX Platform codebase should go to security@openedx.org, which will be handled by the openedx security working group. The security@tcril.org or security@axim.org addresses should be used for reporting issues with resources owned by Axim that are not a part of the Open edX codebase.
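
An added example, not part of the original comment and not Open edX tooling: the same sweep in Python for a directory of local checkouts, reporting and then rewriting the two retired addresses from the issue title. The function names and the one-repository-per-subdirectory layout are assumptions; it is meant for Open edX code repositories only, since the tcril.org address remains valid for Axim-owned resources.

```python
import re
from pathlib import Path

# Retired addresses named in the issue. The lookarounds keep a trailing
# sentence period out of the match and skip look-alikes such as
# "appsecurity@edx.org" or "security@edx.org.uk".
OLD = re.compile(r"(?<![\w.+-])security@(?:edx|tcril)\.org(?![\w-]|\.\w)", re.I)
NEW = "security@openedx.org"

def _files(root):
    """Yield (repo name, path); assumes one checkout per subdirectory of root."""
    for repo in sorted(p for p in Path(root).iterdir() if p.is_dir()):
        for path in sorted(repo.rglob("*")):
            if path.is_file() and ".git" not in path.relative_to(repo).parts:
                yield repo.name, path

def _read(path):
    """Return the file as text, or None when it is binary or unreadable."""
    try:
        # Decode bytes directly so CRLF line endings survive a rewrite.
        return path.read_bytes().decode("utf-8")
    except (UnicodeDecodeError, OSError):
        return None

def scan(root):
    """Return [(repo, relative path, line number, line)] for each stale mention."""
    hits = []
    for repo, path in _files(root):
        text = _read(path) or ""
        for n, line in enumerate(text.splitlines(), 1):
            if OLD.search(line):
                rel = path.relative_to(Path(root) / repo).as_posix()
                hits.append((repo, rel, n, line.strip()))
    return hits

def rewrite(root):
    """Replace stale addresses in place; return the number of replacements."""
    total = 0
    for _, path in _files(root):
        text = _read(path)
        if text is None:
            continue
        new_text, count = OLD.subn(NEW, text)
        if count:
            path.write_bytes(new_text.encode("utf-8"))
            total += count
    return total
```

Running `scan` again after `rewrite` and getting an empty list confirms the sweep is complete for the checked-out repositories.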

timmc-edx commented 1 year ago

I also see a mention on https://openedx.org/community/connect/

MAAngamarca commented 1 year ago

Hi, I'm going to work on this issue.

feanil commented 1 year ago

@MAAngamarca sounds good, let me know if you have any questions! I've assigned this to you for now.

nedbat commented 1 year ago

Just for clarity: now that axim.org is a thing, the address should still be security@openedx.org?

feanil commented 1 year ago

@nedbat yes, we're trying to use the openedx.org address as the new address instead of the axim one. This makes it easier to separate the security issues related to axim the company from security issues related to the Open edX Project.

feanil commented 1 year ago

@MAAngamarca have you had time to work on this? I don't know if I've missed the relevant PRs. If not, should someone else pick this up?

MAAngamarca commented 1 year ago

@feanil Sorry, I forgot to change it in all repositories, but I just did.

feanil commented 1 year ago

I've checked the ORG and updated the openedx.org site. This should be all set now, thank you @MAAngamarca!