
A proposed security policy #376

Open: wants to merge 6 commits into main
Conversation

timea-solid (Member)
This should be a basis to start a security policy which can then be copied to all repositories we own.

TallTed (Contributor) left a comment

Language tweaks for clarity

Otto-AA commented Apr 13, 2023

Looks good to me.

Depending on how you are able to deal with it, I would consider enabling "private vulnerability reporting". If a security issue is public, everyone can read about it and abuse it until it is fixed. If it is private, they would have to find it out themselves to abuse it, making it harder. I think in a project such as SolidOS this could be important, as I expect the time to a fix to be rather long (as it is largely volunteer-based).

I guess, then, the main question would be if it is easy for you to define an appropriate group of people that can read these issues (e.g. people who regularly contribute to the project).

timea-solid and others added 5 commits April 14, 2023 09:12
Co-authored-by: Ted Thibodeau Jr <[email protected]>
Co-authored-by: Ted Thibodeau Jr <[email protected]>
Co-authored-by: Ted Thibodeau Jr <[email protected]>
Co-authored-by: Ted Thibodeau Jr <[email protected]>
Co-authored-by: Ted Thibodeau Jr <[email protected]>
timea-solid (Member, Author)

Thank you @TallTed for fixing it. Seeing the improvements one could totally see I wrote it late last night 😅

@Otto-AA you bring up really good points. I need to think about it and maybe bring it up in the meeting. I am happy we started the process :)

Status: In review