Closed hyandell closed 5 years ago
It would be nice to have something built into GitHub or just the ability to make private issues.
We are currently evaluating some external services like HackerOne for CVE coordination.
This has come up again today, would be nice :)
+1, private issues would be super helpful
Does the new Maintainer Security Advisories address this?
yep
wfm
I'd like a process to report security issues to projects, and to have security issues reported to my organization, without having to do it in public. I suspect this comes down to private issues (i.e. only the requester and anyone with Write permission can read the issue).
Ideally the same would hold for pull requests, which would help with projects that don't have issues turned on.