Added security.txt #699

Merged
bennyvasquez merged 6 commits into AlmaLinux:master from Noam-Alum:adding-vulnerability-disclosure-policy
Jan 10, 2025

@Noam-Alum
Contributor

Let me know what you think

Things added in this PR

  1. The security.txt file.
  2. A vulnerability disclosure policy.
  3. Links to the security.txt file (If you think we can add it in more places please let me know)
  4. A GitHub issue form, this form would be added to all of our GitHub repos if you guys accept it. (Mostly what @bennyvasquez supplied)

TODO

  • We still need to sign the security.txt file and upload security-pgp-key.txt, I wasn't sure if I can self sign it, can someone expand on how to go about it?

@bennyvasquez bennyvasquez self-assigned this Dec 3, 2024
@codyro codyro self-assigned this Dec 3, 2024
@codyro
Member

codyro commented Dec 3, 2024

> We still need to sign the security.txt file and upload security-pgp-key.txt, I wasn't sure if I can self sign it, can someone expand on how to go about it?

Signing will happen by the foundation with a trusted PGP key used for this purpose.

TL;DR we'll sign it once we generate the key

Member

@codyro codyro left a comment

Quick scour of the contents in this PR. I know it's a draft :)

Member

@bennyvasquez bennyvasquez left a comment

Thank you SOOOOOO much for getting this over the finish line, @Noam-Alum! You took my terrible scratch-pad notes and made something VERY good. <3

We should add a mention of this policy to the /security as well. Even if it's just a "If you're looking for how to report a security flaw, please refer to our $policy."

Co-authored-by: benny Vasquez <bennyvasquez@users.noreply.github.com>
Member

@bennyvasquez bennyvasquez left a comment

Approving and merging per the ALESCo meeting and AlmaLinux/ALESCo#1

@bennyvasquez bennyvasquez merged commit acb18ea into AlmaLinux:master Jan 10, 2025
1 check failed
Labels

enhancement New feature or request

4 participants