Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RFE] Add instruction for reporting security issues to README.md and via GitHub security policy #402

Closed
invidian opened this issue May 23, 2021 · 1 comment
Closed

[RFE] Add instruction for reporting security issues to README.md and via GitHub security policy #402

invidian opened this issue May 23, 2021 · 1 comment
Labels
kind/feature A feature request security security concerns

Comments

@invidian
Copy link
Member

Current situation

README.md currently only mentions that problems should be reported via issues. It would be good to better align with https://kinvolk.io/flatcar-container-linux/security/ and mention channels for reporting security issues.

Impact

Security issues might get accidentally disclosed because of lack of clear secure communication channels for reporting security issues.

Ideal future situation

It is clearly documented where to report possible security issues.

**Implementation options

  • add section with security email to README.md
  • add GitHub security policy
@invidian invidian added the kind/feature A feature request label May 23, 2021
@dongsupark dongsupark added the security security concerns label Jul 8, 2022
@dongsupark
Copy link
Member

This has been done by creating SECURITY.md via #1039.
If there is more to update the docs, feel free to open a new issue or create a PR.

@github-actions github-actions bot mentioned this issue Nov 9, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/feature A feature request security security concerns
Projects
Flatcar tactical, release planning, and roadmap
Archived in project
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dongsupark @invidian