reactiveui / rfcs

RFCs for changes to ReactiveUI
https://reactiveui.net/rfcs
5 stars 5 forks source link

RFC: Create SECURITY.md #26

Open vatsalyagoel opened 5 years ago

vatsalyagoel commented 5 years ago

Is your feature request related to a problem? Please describe. Currently there is no way for people to report security vulnerabilities in any of the ReactiveUI packages.

Describe the solution you'd like Add a SECUTIRY.md file as suggested by GitHub that lists versions that will get security patches and a way for people to securely send reports.

Describe suggestions on how to achieve the feature I recommend creating a publishing a PGP key for someone to encrypt their communications before reporting them to us via security@reactiveui.net. They can then be discussed as an advisory in the repository's security section. Sample: dotnet/corefx

Additional context https://github.com/features/security

glennawatson commented 5 years ago

Wed probably want to add one page on the website project, add a security.md file that references our central policies.

One problem we have is the email and domain is owned by former maintainers so we have limited ability to create new aliases where we are able to get prompt responses from.

glennawatson commented 5 years ago

I'm actually thinking maybe something like https://gitreports.com/ and posting to a private Security repository.

Git Reports
Git Reports
Git Reports is a free service that lets you set up a stable URL for anonymous users to submit bugs and other Issues to your GitHub repositories.