  1. MariaDB Server
  2. MDEV-31364

Suggestion to a GitHub Security Policy file


Details

    Description

      Hi!

      I'd like to know if you have considered using a SECURITY.md to store (or redirect to) your Security Policy file, as it's usually GitHub's standard. I see that MariaDB/server already defines a complete Security Policy on its website, and it's well documented on your [README](https://github.com/MariaDB/server#bug-reports). My suggestion would be to also use the SECURITY.md file to redirect to your website.

      With this change, the instructions on how to report a vulnerability would be easily found in the [Security Dashboard](https://github.com/diogoteles08/mariadb-server/security) and in the about section of the project, as seen in the picture sent as an attachment.

      Optionally, we can also edit the README file to mention the security policy in GitHub and avoid the duplication of links to MariaDB's website ([example](https://github.com/diogoteles08/mariadb-server/blob/11.1/README.md#bug-reports)).

      I've made the changes in this fork https://github.com/diogoteles08/mariadb-server if you want to take a closer look. Let me know if a PR is welcome and I'll submit it ASAP.

      Thanks!

          People

            danblack Daniel Black
            diogoteles08 Diogo Teles Sant Anna