|
|
|
|
|
|
by Ded7xSEoPKYNsDd
2434 days ago
|
|
|
As someone who regularly needs to report security vulnerabilities to projects hosted on Github, I find it incredibly annoying that I can't create one of these 'maintainer advisories' (or just a regular issue that's non-public) as an outsider. These 'security.md' files would work for me just as well to define a security contact, but I've never come across one of these in the wild... so I end up wasting my time hunting down maintainers and their email addresses, when everyone involved would have a much easier time if it were all handled through Github by allowing everyone to create a (draft) 'maintainer advisory'. |
|
|