Screenshot 2023-05-29 at 18.47.59.png
[MDEV-31364] Suggestion to a Github Security Policy file Created: 2023-05-29 Updated: 2023-06-04 Resolved: 2023-06-04 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | Documentation, Repositories |
| Fix Version/s: | 11.1.4 |
| Type: | Task | Priority: | Trivial |
| Reporter: | Diogo Teles Sant Anna | Assignee: | Daniel Black |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | Security | ||
| Attachments: |
Screenshot 2023-05-29 at 18.47.59.png
|
| Description |
|
Hi! I'd like to know if you have considered using a SECURITY.md to store (or redirect to) your Security Policy file, as it's usually GitHub's standard. I see that MariaDB/server already defines a complete Security Policy on its website, and it's well documented on your [README](https://github.com/MariaDB/server#bug-reports). My suggestion would be to also use the SECURITY.md file to redirect to your website. With this change, the instructions on how to report vulnerability would be easily found in the [Security Dashboard](https://github.com/diogoteles08/mariadb-server/security) and in the about section of the project, as seen in the picture sent as attachment. Optionally, we can also edit the README file to mention the security policy in GitHub and avoid the duplication of links to mariadb's website. ([example](https://github.com/diogoteles08/mariadb-server/blob/11.1/README.md#bug-reports)). I've made the changes in this fork https://github.com/diogoteles08/mariadb-server if you want to take a closer look. Let me know if a PR is welcome and I'll submit it ASAP. Thanks! |
| Comments |
| Comment by Daniel Black [ 2023-05-29 ] |
|
Good idea. PR welcome. Not sure what makes our policy "special" however. |
| Comment by Diogo Teles Sant Anna [ 2023-05-30 ] |
|
Great! I'll raise the PR |