progit / progit2

Pro Git 2nd Edition

Create TOSECURITY.md #1692

Closed Tomtam25 closed 3 years ago

Tomtam25 commented 3 years ago

Changes

Context

ben commented 3 years ago

I don't think this really applies to us? Can you give me more of an idea of what you're trying to do here?

HonkingGoose commented 3 years ago

> I don't think this really applies to us? Can you give me more of an idea of what you're trying to do here?

This is just the basic GitHub security template, that you get when you go to the Security -> Overview -> Security policy section of this repository. 😉

Normally it'd be called SECURITY.md and you'd put information in there on how people should report security bugs/concerns. Sometimes you really want people to email instead of opening an issue. This can give the repository maintainer time to respond/fix the problem before all the world knows about it.

Example of a real-world SECURITY.md file: https://github.com/renovatebot/renovate/blob/main/SECURITY.md

This makes it so that the Issue template selector shows a button with "View policy" when people are about to open an issue: https://github.com/renovatebot/renovate/issues/new/choose

ben commented 3 years ago

Okay, now that I'm thinking about it, we could have a channel for disclosing some kind of security issue. I'm having a hard time imagining one, because none of our outputs include running code, but unknown-unknowns, etc. Fine.

This PR as of today, nearly a month into its life, is still just template content. @Tomtam25 do you intend to fill this in? Is it your intent to get us to fill it in?

ben commented 3 years ago

Closing this, the author doesn't seem interested in getting it merged.