
Enable security reports

Open sudo-bmitch opened this issue 3 years ago • 1 comments

Should distribution-spec enable the security reports feature recently launched by GitHub? I'm leaning towards yes, but wanted to get some buy-in before clicking the button.

https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository

sudo-bmitch, Nov 10 '22 14:11

It'd be useful to get the folks who are currently on the [email protected] list access to any incoming reports here as well. Some of the incoming reports have been cross-cutting and having consistent access has been useful for coordinating the response.

samuelkarp, Nov 14 '22 00:11

@opencontainers/distribution-spec-maintainers I plan to turn this on today, and it can be disabled if we later discover an issue.

sudo-bmitch, Aug 01 '24 15:08

This has been enabled.

sudo-bmitch, Aug 01 '24 18:08