Start using GitHub security advisories
Bruce Mitchell
bruce.mitchell at linux.vnet.ibm.com
Tue Oct 19 06:06:00 AEDT 2021
On 10/18/2021 11:49, Brad Bishop wrote:
> On Thu, Oct 14, 2021 at 02:12:20PM -0500, Andrew Geissler wrote:
>>> Per today's Security working group meeting, we want to start using
>>> [GitHub security advisories][]. I think we need someone with admin
>>> permissions to github.com/openbmc/openbmc to create new advisories.
>>> Then we'll want a group (team? perhaps security-response-team) with
>>> the current OpenBMC [security response team][] members. (I have that
>>> list.)
>>
>> Looks like you’ll need admin authority on openbmc/openbmc in order to
>> utilize the security advisories feature. I wonder if it’s better to
>> create an openbmc/security repo and we can give you and the security
>> team admin of that repo for this work? This would also provide a
>> potential location to track github issues for the security team.
>
> This was my thinking as well Andrew. I'll create
> openbmc/security-response if I don't see any complaints in the next
> little while.
>
> -brad
I believe we want to make sure that none of the security advisories
get sent to Discord; we wouldn't want them to accidentally be going to
something like #gh-issues.