Start using github security advisories
Andrew Geissler
geissonator at gmail.com
Fri Oct 15 06:12:20 AEDT 2021
> Per today's Security working group meeting, we want to start using [GitHub security advisories][]. I think we need someone with admin permissions to github.com/openbmc/openbmc to create new advisories. Then we'll want a group (team? perhaps security-response-team) with the current OpenBMC [security response team][] members. (I have that list.)
Looks like you’ll need admin authority on openbmc/openbmc in order to utilize the security advisories feature. I wonder if it’s better to create a openbmc/security repo and we can give you and the security team admin of that repo for this work? This would also provide a potential location to track github issues for the security team.
> On Oct 13, 2021, at 3:56 PM, Joseph Reynolds <jrey at linux.ibm.com> wrote:
>
>
> Per today's Security working group meeting, we want to start using [GitHub security advisories][]. I think we need someone with admin permissions to github.com/openbmc/openbmc to create new advisories. Then we'll want a group (team? perhaps security-response-team) with the current OpenBMC [security response team][] members. (I have that list.)
>
> How do we get started? Who has admin authority?
>
> Joseph
>
>
> [GitHub security advisories]: https://docs.github.com/en/code-security/security-advisories/about-github-security-advisories
> [security response team]: https://github.com/openbmc/docs/blob/master/security/obmc-security-response-team-guidelines.md
>
More information about the openbmc
mailing list