Comments (5)
One thing we're missing is to decide on a place to publish advisories for these repos. For the SDK, we use GitHub.
from .github.
For dart-lang, my recommendation would be to use per-repo GitHub advisories across the board (until something better comes along).
Perhaps something like this (the relative link should work when the SECURITY.md is displayed):
```markdown
## Reporting vulnerabilities

To report potential vulnerabilities, please see our security policy on
[https://dart.dev/security](https://dart.dev/security).

## Published security advisories

For advisories published in this repository, see
[security advisories](../../security/advisories?state=published).
```
I'm a bit unsure if the relative link will work well for both https://github.com/dart-lang/sdk/security/policy and https://github.com/dart-lang/sdk/blob/main/SECURITY.md, though. There also doesn't seem to be a page we can link to that lists all security advisories for dart-lang.
I think we should have a deeper discussion of where advisories should be published before we go ahead with this.
We may want to consider writing a generic SECURITY.md file that applies to all the projects in dart-lang. This way it can be added to https://github.com/dart-lang/.github/ and it will be automatically applied to all the projects.