Closed DoodlesEpic closed 1 year ago
This is a great suggestion and I'll set it up, thanks!
Commits are now signed :tada:
I'll add a security policy later this week. Thanks for the suggestion!
Added a security policy so I'm closing this issue, but feel free to comment if you feel something else should be added to it. Thanks!
I believe since this is a security-sensitive project you should take your time to set up a GitHub security policy. It basically just gives people a (safe) way to contact you if they discover a vulnerability and provides your users with the information on how these kinds of problems will be dealt with. It would also be nice to have signed commits for new changes to the repository, as currently a user has no way to detect malicious changes to the code easily.
GitHub: Adding a security policy to your repository