- security vuln reporting policy in GH
Re: security vuln reporting policy in GH
Since this is a .md file in repo, delegating updates to that file as required to the maintainers of that repo makes sense to me.
It would also be pretty easy to roll out a default, as you described, and have maintainers update if they like?
On Wed, Sep 25, 2019 at 6:56 AM Dave Huseby <dhuseby@...
Here's more detail in my thinking. The informational section of the security policy should really just be a link back to the policy/info published on our wiki. As for the set of releases currently being supported, I'm concerned about the maintenance of that. Do you see the maintainers keeping that list up-to-date? I haven't looked at the GH API to see if there is a way for us to refresh it from the CI pipeline when changes to the supported releases are made. Ideally, we'd use Git tags to enumerate the currently supported releases of a given repo and the CI pipeline would run a task to re-generate this policy doc and update it via the GH API.
As I said before, this is a good idea. It never hurts to shout about our security policies on every platform to encourage interaction and contributions that are security focused.
Community Architect, Hyperledger
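A sketch of the tag-driven regeneration discussed in this thread, added here as an illustration and not code from Hyperledger or from either poster. It assumes release tags of the form `v1.4.3`, that the newest two minor lines count as supported, and a placeholder for the wiki link; the function names and the file layout are hypothetical.

```python
import re
import subprocess

# Assumption: final releases are tagged vMAJOR.MINOR.PATCH; rc and other tags are ignored.
TAG_RE = re.compile(r"^v(\d+)\.(\d+)\.(\d+)$")

def list_tags(repo="."):
    """Return all tag names in the repository (requires git on PATH)."""
    out = subprocess.run(["git", "-C", repo, "tag", "--list"],
                         check=True, capture_output=True, text=True).stdout
    return out.split()

def release_lines(tags):
    """Map (major, minor) -> highest patch number among final release tags."""
    lines = {}
    for tag in tags:
        m = TAG_RE.match(tag)
        if m:
            major, minor, patch = map(int, m.groups())
            lines[(major, minor)] = max(patch, lines.get((major, minor), -1))
    return lines

def render_policy(tags, supported=2, policy_url="<LINK-TO-WIKI-POLICY>"):
    """Render the policy file; the newest `supported` minor lines are marked supported."""
    lines = release_lines(tags)
    ordered = sorted(lines, reverse=True)  # numeric sort, so 1.4.10 outranks 1.4.3
    rows = ["| Release line | Latest tag | Supported |", "| --- | --- | --- |"]
    for i, (major, minor) in enumerate(ordered):
        latest = f"v{major}.{minor}.{lines[(major, minor)]}"
        mark = "yes" if i < supported else "no"
        rows.append(f"| {major}.{minor}.x | {latest} | {mark} |")
    return "\n".join(["# Security Policy", "",
                      f"Reporting process: {policy_url}", "",
                      "## Supported Releases", "", *rows, ""])

# Constructed sample tags, not taken from any real repository.
SAMPLE_TAGS = ["v1.3.0", "v1.4.0", "v1.4.3", "v2.0.0-rc1", "v2.0.0", "v1.4.10", "nightly"]

if __name__ == "__main__":
    print(render_policy(SAMPLE_TAGS))
```

In a CI task, `render_policy(list_tags())` would be written to the policy file and committed only when the output differs from what is already in the repo.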