Re: GithHub / private repos

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

If we're actually discussing private repos for reporting security issues then
Github product is not helpful. It seems that most of the projects use private
mailing lists for that. For example, Linux kernel has security@xxxxxxxxxx and
another one for coordination with distributions - more details here
https://www.kernel.org/doc/html/v4.18/admin-guide/security-bugs.html

So I think something like systemd-security@xxxxxxxxxxxxxxxxxxxxx is
the way to go.

Alex

On Sat, Jan 26, 2019 at 3:42 PM Lennart Poettering
<lennart@xxxxxxxxxxxxxx> wrote:
>
> On Di, 15.01.19 21:21, Alex Dzyoba (alex@xxxxxxxxxx) wrote:
>
> > When you create a new organization you can choose "Team For Open
> > Source" plan. Here is the link
> > https://github.com/account/organizations/new
> >
> > Though, I don't know if it's possible to upgrade the existing systemd
> > organization, sorry. Maybe it's possible to contact github support to
> > ask for this.
>
> So I had a closer look at this, and found this:
>
> https://help.github.com/articles/github-s-products/
>
> IIUC "GitHub Team for Open Source" doesn't actually add anything we
> need. Because what we need would actually be the ability for arbitrary
> people (i.e. not people who necessarily are members of our systemd
> team on github) to send us private PRs and issues in order to handle
> security issues.
>
> It appears to me that plan does not provide the core need we have:
> allow those random folks from the Internet to report security issues
> in privacy to us... Or what am I missing?
>
> Lennart
>
> --
> Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux