Signing will happen by the foundation with a trusted PGP key used for this purpose. TL;DR we'll sign it once we generate the key.
codyro left a comment:
Quick scour of the contents in this PR. I know it's a draft :)
bennyvasquez left a comment:
Thank you SOOOOOO much for getting this over the finish line, @Noam-Alum! You took my terrible scratch-pad notes and made something VERY good. <3
We should add a mention of this policy to the /security as well. Even if it's just a "If you're looking for how to report a security flaw, please refer to our $policy."
Co-authored-by: benny Vasquez <bennyvasquez@users.noreply.github.com>
bennyvasquez left a comment:
Approving and merging per the ALESCo meeting and AlmaLinux/ALESCo#1
Let me know what you think
Things added in this PR
security.txt file.
security.txt file (If you think we can add it in more places please let me know)
TODO
security.txt file and upload security-pgp-key.txt, I wasn't sure if I can self sign it, can someone expand on how to go about it?