
Adopt a security policy

Open icyphox opened this issue 5 years ago • 2 comments

We should adopt a security policy for Junction, something like a SECURITY.md file. The essential points that need to be outlined in it are:

  • Rules of engagement (like don't test on prod!)
  • What counts as a bug (it could be a feature :))
  • Reporting a bug (who to contact, report template)

This is in relation to #583, which I wasn't too happy about reporting via an issue, but I didn't know better.

Thoughts?

Apr 12 '19 16:04 icyphox

I agree. We should quickly adopt some kind of security policy. Security on this project is a problem (see #571), and having a security policy helps. Can you please suggest another project that we can refer to for this?

Apr 12 '19 17:04 zerothabhishek

I feel https://github.com/standard/standard/blob/master/SECURITY.md is a good starting point. We can build on this.

Apr 12 '19 17:04 icyphox