No place to report a security issue #582

Open
nobuto-m opened this issue Aug 14, 2024 · 4 comments
Labels
bug Something isn't working

Comments

@nobuto-m

> ## Security
> Security issues in the Charmed PostgreSQL Operator can be reported through [LaunchPad](https://wiki.ubuntu.com/DebuggingSecurity#How%20to%20File). Please do not use GitHub to submit security issues.

The README suggests not using this GitHub repository for reporting security issues. However, there is no information on exactly which Launchpad project to use for such a report.

@nobuto-m nobuto-m added the bug Something isn't working label Aug 14, 2024

@nobuto-m
Author

I filed it under https://bugs.launchpad.net/postgresql-charm/+bug/2076956 for the time being.

@taurus-forever
Contributor

taurus-forever commented Aug 23, 2024

Hi @nobuto-m, we have placed this information under the Contact form: https://charmhub.io/postgresql/docs/r-contacts

Report security issues through Launchpad

It is to involve the Canonical Security Team, to avoid early leaking, and to ensure proper CVE handling when necessary.

We will keep this open to handle the report https://bugs.launchpad.net/postgresql-charm/+bug/2076956
CC: @marceloneppel, @dragomirp, consider setting a password (and maybe have admin listen on localhost only).
Thank you for helping us make our charm better!

@nobuto-m
Author

> Hi @nobuto-m, we have placed this information under the Contact form: https://charmhub.io/postgresql/docs/r-contacts
>
> Report security issues through Launchpad
>
> It is to involve the Canonical Security Team, to avoid early leaking, and to ensure proper CVE handling when necessary.

That's the exact point of this issue. The linked page states the following.

> How to File
>
> New security bugs should be created in the Ubuntu bug tracker (Launchpad). If you do not have a Launchpad account and prefer not to create one, you may send your report to [email protected]. We also accept GPG-encrypted mail.
>
> To report a security vulnerability in an Ubuntu package, follow the regular bug-filing instructions, but take special note of the "Mark as security issue" check box near the bottom of the form:

And to report a security issue in Launchpad, this project has to be tracked in Launchpad. Because it's not about Ubuntu packages or anything like that.
