-
Notifications
You must be signed in to change notification settings - Fork 330
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Set a security policy #2142
Set a security policy #2142
Conversation
Signed-off-by: Pedro Kaj Kjellerup Nacht <[email protected]>
You may submit the report in the following ways: | ||
|
||
- send an email to ???@???; and/or | ||
- send a [private vulnerability report](https://github.com/keras-team/keras-cv/security/advisories/new) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would actually just vote for just this latter option here. Seems simpler, and that we don't have to maintain a separate email address for this.
Is there a downside?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@pnacht as to the question about the right mental model for keras-cv
and keras-nlp
, they can be thought of as equivalent to keras-team/keras
at least from this perspective. Maintained by the Keras team directly, supporting TF but not under the TF umbrella for maintenance/contribution.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would actually just vote for just this latter option here. Seems simpler, and that we don't have to maintain a separate email address for this.
Is there a downside?
Done. And nope, no downside. Just remember to actually enable the advisories in the repo Settings > "Code security & analysis"!
@pnacht as to the question about the right mental model for
keras-cv
andkeras-nlp
, they can be thought of as equivalent tokeras-team/keras
at least from this perspective. Maintained by the Keras team directly, supporting TF but not under the TF umbrella for maintenance/contribution.
Gotcha. Thanks for the info.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Enabled the reporting now. Thanks!
Signed-off-by: Pedro Kaj Kjellerup Nacht <[email protected]>
@pnacht can you make a sibling PR for keras-nlp? Thank you! |
* Set a security policy (#2142) * Add security policy Signed-off-by: Pedro Kaj Kjellerup Nacht <[email protected]> * Only use private vuln report Signed-off-by: Pedro Kaj Kjellerup Nacht <[email protected]> --------- Signed-off-by: Pedro Kaj Kjellerup Nacht <[email protected]> * add Random ops shim (#2145) * add Random ops shim * update random opss * handle None case * change seed handeling * undo changes * undo changes * undo * update int_seed * change int to init * update init_seed everywhere * add kwargs * undo bial * code reformat * remove dtype --------- Signed-off-by: Pedro Kaj Kjellerup Nacht <[email protected]> Co-authored-by: Pedro Kaj Kjellerup Nacht <[email protected]>
* Add security policy Signed-off-by: Pedro Kaj Kjellerup Nacht <[email protected]> * Only use private vuln report Signed-off-by: Pedro Kaj Kjellerup Nacht <[email protected]> --------- Signed-off-by: Pedro Kaj Kjellerup Nacht <[email protected]>
What does this PR do?
Fixes #2141
This PR sets a simple security policy for Keras CV. It is almost identical to the one used by keras-team/keras.
It currently offers two avenues to report vulnerabilities:
If you'd rather just use one of these, let me know and I'll modify the policy. Or, if you think /tf-keras's Tensorflow-based policy is a better fit, I can use it here as well. (I admit I'm not 100% sure which repos are still tied to TF and which aren't...)
Before submitting
Pull Request section?
to it if that's the case.
Who can review?
@divyashreepathihalli, @sampathweb (from the template)