[systemd-devel] GithHub / private repos
Alex Dzyoba
alex at dzyoba.com
Wed Jan 30 20:10:18 UTC 2019
If we're actually discussing private repos for reporting security issues then
Github product is not helpful. It seems that most of the projects use private
mailing lists for that. For example, Linux kernel has security at kernel.org and
another one for coordination with distributions - more details here
https://www.kernel.org/doc/html/v4.18/admin-guide/security-bugs.html
So I think something like systemd-security at lists.freedesktop.org is
the way to go.
Alex
On Sat, Jan 26, 2019 at 3:42 PM Lennart Poettering
<lennart at poettering.net> wrote:
>
> On Di, 15.01.19 21:21, Alex Dzyoba (alex at dzyoba.com) wrote:
>
> > When you create a new organization you can choose "Team For Open
> > Source" plan. Here is the link
> > https://github.com/account/organizations/new
> >
> > Though, I don't know if it's possible to upgrade the existing systemd
> > organization, sorry. Maybe it's possible to contact github support to
> > ask for this.
>
> So I had a closer look at this, and found this:
>
> https://help.github.com/articles/github-s-products/
>
> IIUC "GitHub Team for Open Source" doesn't actually add anything we
> need. Because what we need would actually be the ability for arbitrary
> people (i.e. not people who necessarily are members of our systemd
> team on github) to send us private PRs and issues in order to handle
> security issues.
>
> It appears to me that plan does not provide the core need we have:
> allow those random folks from the Internet to report security issues
> in privacy to us... Or what am I missing?
>
> Lennart
>
> --
> Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list