-
Notifications
You must be signed in to change notification settings - Fork 278
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update security process #1564
Update security process #1564
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is really good. Thank You very much for working on this.
I'm so happy that you have volunteered. I would have liked to have done more in this area (and localisation). I hope more contributors will make Exiv2 better and stronger.
I'm delighted by the emerging cooperation with Yaun. I am concerned that his enthusiasm for security drowns our development efforts and undermines Exiv2 credibility and good reputation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I thought you had already removed that. I added that in enthusiasm last year and never had time to investigate and create that table. I'm glad this information is now provided by some other mechanism. Good Work.
d7e92e0
to
ad5bac9
Compare
I added an extra paragraph to clarify that bugs found on the main branch aren't security bugs, unless they are also reproducible on an official release, such as v0.27.3. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Thanks 👍
Suggested update to our security process.
Note: I removed the "Reported CVEs" section because it is incomplete and will become obsolete with this new process.