
Define a security policy #1658

Open
jpmcb opened this issue Apr 8, 2022 · 3 comments
Labels

  • admin: For general admin tasks to be done usually by maintainers
  • help-wanted: An issue that the maintainers would like help resolving
  • kind/security: Related to projects/libraries that depend on cobra
  • lifecycle/frozen: Prevents GitHub actions from labeling issues / PRs with stale and rotten

Comments

@jpmcb
Collaborator

jpmcb commented Apr 8, 2022

cobra needs a security policy.

Generally, this should define:

  • How users should report vulnerabilities
  • How cobra maintainers respond
  • How known security vulnerabilities and CVEs are communicated to the community

Inspiration from Open Web Application Security Project

We'd also like any input from the community since, in the end, all these policies serve the community

@jpmcb jpmcb added the admin (For general admin tasks to be done usually by maintainers), kind/security (Related to projects/libraries that depend on cobra) and help-wanted (An issue that the maintainers would like help resolving) labels Apr 8, 2022
@jpmcb jpmcb self-assigned this Apr 8, 2022
@jpmcb
Collaborator Author

jpmcb commented Apr 8, 2022

We do mention this in the contributing guide: #1601 (comment)

But we should create a SECURITY.md and enter these policies in GitHub

@github-actions

github-actions bot commented Jun 8, 2022

The Cobra project currently lacks enough contributors to adequately respond to all issues. This bot triages issues and PRs according to the following rules:

  • After 60d of inactivity, lifecycle/stale is applied.
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied and the issue is closed.

You can:

  • Make a comment to remove the stale label and show your support. The 60 days reset.
  • If an issue has lifecycle/rotten and is closed, comment and ask maintainers if they'd be interested in reopening.

@github-actions github-actions bot closed this as completed Jul 8, 2022
@jpmcb jpmcb reopened this Oct 3, 2022
@jpmcb jpmcb added lifecycle/frozen Prevents GitHub actions from labeling issues / PRs with stale and rotten and removed lifecycle/rotten labels Oct 3, 2022
@tlarnold10

@jpmcb I can take a look at this. Not sure if you have any suggestions, but otherwise I can put something together based on similar projects.
