README: document the security model #183

Merged
merged 7 commits into from
Dec 4, 2021

@woodruffw (Member) commented Dec 3, 2021

Closes #181.

@woodruffw added the component:docs (Documentation components) label Dec 3, 2021
@woodruffw requested a review from di December 3, 2021 21:51
@woodruffw self-assigned this Dec 3, 2021
README.md Outdated
Comment on lines 16 to 22
- [Installation](#installation)
- [Usage](#usage)
- [Examples](#examples)
- [Security Model](#security-model)
- [Licensing](#licensing)
- [Contributing](#contributing)
- [Code of Conduct](#code-of-conduct)
Member commented:

This won't work on PyPI: pypa/readme_renderer#169

README.md Outdated

`pip-audit` is a tool for auditing Python environments for packages with
*known vulnerabilities*. A "known vulnerability" is a flaw in a package that,
if uncorrected, *might* allow a malicious actor to perform unintended actions.
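Review bot: in the sentence beginning `A "known vulnerability" is a flaw in a package`, the phrase "unintended actions" does not say whose intent is meant, and the definition describes a vulnerability in general without saying what makes it "known". Consider wording such as "actions that the package's authors and users did not intend", and state the criterion for "known" explicitly, since the scope of the security model depends on it.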
Member commented:

...and also has been publicly reported to the project maintainers.

@di (Member) left a comment:

LGTM w/ requested changes.

tetsuo-cpp and others added 6 commits December 4, 2021 15:35
Co-authored-by: Dustin Ingram <di@users.noreply.github.com>
Co-authored-by: Dustin Ingram <di@users.noreply.github.com>
Co-authored-by: Dustin Ingram <di@users.noreply.github.com>
@tetsuo-cpp merged commit c792146 into main Dec 4, 2021
@tetsuo-cpp deleted the ww/sec-model branch December 4, 2021 04:53
Linked issue: Document pip-audit's security model