Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update security process #1564

Merged
merged 2 commits into from
May 7, 2021
Merged

Update security process #1564

merged 2 commits into from
May 7, 2021

Conversation

kevinbackhouse
Copy link
Collaborator

Suggested update to our security process.
Note: I removed the "Reported CVEs" section because it is incomplete and will become obsolete with this new process.

@clanmills clanmills added this to the v1.00 milestone Apr 17, 2021
clanmills
clanmills approved these changes Apr 17, 2021
View reviewed changes
Copy link
Collaborator

@clanmills clanmills left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is really good. Thank You very much for working on this.

I'm so happy that you have volunteered. I would have liked to have done more in this area (and localisation). I hope more contributors will make Exiv2 better and stronger.

I'm delighted by the emerging cooperation with Yaun. I am concerned that his enthusiasm for security drowns our development efforts and undermines Exiv2 credibility and good reputation.

clanmills
clanmills previously approved these changes Apr 17, 2021
View reviewed changes
Copy link
Collaborator

@clanmills clanmills left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought you had already removed that. I added that in enthusiasm last year and never had time to investigate and create that table. I'm glad this information is now provided by some other mechanism. Good Work.

@kevinbackhouse
Copy link
Collaborator Author

kevinbackhouse commented Apr 24, 2021
edited
Loading

I added an extra paragraph to clarify that bugs found on the main branch aren't security bugs, unless they are also reproducible on an official release, such as v0.27.3.

piponazo
piponazo approved these changes May 7, 2021
View reviewed changes
Copy link
Collaborator

@piponazo piponazo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks 👍

@kevinbackhouse kevinbackhouse merged commit b0c16eb into Exiv2:main May 7, 2021
@kevinbackhouse kevinbackhouse deleted the SecurityContact branch September 18, 2021 12:50
@nehaljwani nehaljwani mentioned this pull request Apr 30, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@piponazo piponazo piponazo approved these changes

@hassec hassec hassec approved these changes

@clanmills clanmills clanmills left review comments

Assignees

@kevinbackhouse kevinbackhouse

Labels
None yet
Projects
None yet
Milestone
v0.28.0
Development

Successfully merging this pull request may close these issues.
4 participants
@kevinbackhouse @piponazo @clanmills @hassec