reactiveui / rfcs

RFCs for changes to ReactiveUI
https://reactiveui.net/rfcs

RFC: Create SECURITY.md #26

Open vatsalyagoel opened 4 years ago

vatsalyagoel commented 4 years ago

Is your feature request related to a problem? Please describe. Currently there is no way for people to report security vulnerabilities in any of the ReactiveUI packages.

Describe the solution you'd like Add a SECURITY.md file as suggested by GitHub that lists versions that will get security patches and a way for people to securely send reports.

Describe suggestions on how to achieve the feature I recommend creating and publishing a PGP key for someone to encrypt their communications before reporting them to us via security@reactiveui.net. They can then be discussed as an advisory in the repository's security section. Sample: dotnet/corefx

Additional context https://github.com/features/security
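The kind of SECURITY.md the request above describes, as an added illustration that is not from the ReactiveUI project or from the issue author. The supported-version numbers, the key fingerprint and the response times are placeholders to be filled in by the maintainers; the mailbox is the one named in the issue, and the `gpg` commands are the standard GnuPG invocations a reporter would use to import a published key and encrypt a report.

```markdown
# Security Policy

## Supported Versions

Only the releases below receive security fixes (placeholder versions;
maintainers should replace them with the actual supported lines).

| Version | Supported |
| ------- | --------- |
| 11.x    | yes       |
| 10.x    | yes       |
| < 10.0  | no        |

## Reporting a Vulnerability

Please do not open a public GitHub issue for security problems.

Send a report to security@reactiveui.net. Encrypt it with the project's
PGP key (the fingerprint below is a placeholder; publish the real one and
the ASCII-armored public key, e.g. as `pgp-key.asc` next to this file):

    Fingerprint: 0000 0000 0000 0000 0000  0000 0000 0000 0000 0000

To encrypt a report with GnuPG after downloading the published key:

    gpg --import pgp-key.asc
    gpg --fingerprint security@reactiveui.net   # compare against the fingerprint above
    gpg --encrypt --armor --recipient security@reactiveui.net report.txt

Include the affected package and version, steps to reproduce, and any
proof-of-concept code. We will acknowledge the report within 3 business
days (placeholder) and, once a fix is available, publish a GitHub Security
Advisory in the affected repository and credit the reporter unless they
ask otherwise.
```

The fingerprint check step matters: a key fetched over HTTPS from the repository is only as trustworthy as the repository, so publishing the fingerprint in SECURITY.md (and, where possible, on the project website as well) gives the reporter a second source to compare against before encrypting.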

glennawatson commented 4 years ago

We'd probably want to add one page on the website project, add a security.md file that references our central policies.

One problem we have is the email and domain is owned by former maintainers so we have limited ability to create new aliases where we are able to get prompt responses from.

glennawatson commented 4 years ago

I'm actually thinking maybe something like https://gitreports.com/ and posting to a private Security repository.

Git Reports is a free service that lets you set up a stable URL for anonymous users to submit bugs and other Issues to your GitHub repositories.