core icon indicating copy to clipboard operation
core copied to clipboard
verified publisher icon dotnet

Security alerts on the announcements repo

Open svick opened this issue 3 years ago • 2 comments

Watching issues in the dotnet/announcements repo is a good way to get notified about security problems in .Net. The problem is that when you go to watch that repo, you also have the option to watch "Security alerts":

This might sound like exactly what you want to do, but AFAICT, that would only provide notifications about security alerts under the Security tab, which is empty in the announcements repo.

That is quite a confusing situation to be in, is there something that can be done to improve it? I'm assuming that security alerts can't be disabled, but would it be proper to copy information about security issues to the Security tab? Or is the best option to note this in the README?

svick avatar Nov 10 '22 09:11 svick

@terrajobst @richlander @jamshedd

steveharter avatar Nov 10 '22 16:11 steveharter

agree. @leecow @rbhanda is there a reason we cannot do this for our servicing releases that do carry CVE fixes?

jamshedd avatar Nov 10 '22 16:11 jamshedd