Start using github security advisories

Joseph Reynolds jrey at linux.ibm.com
Fri Oct 29 00:31:37 AEDT 2021


On 10/27/21 2:42 PM, Brad Bishop wrote:
> On Wed, 2021-10-27 at 15:29 -0400, Brad Bishop wrote:
>> On Wed, 2021-10-27 at 18:29 +0000, Mihm, James wrote:
>>> Brad or Andrew, Can we proceed with the creation of security
>>> repository so that we can run a couple of trials on security issues?
>> Hi James, thanks for the ping.
>>
>> The only reason I haven't already done this was this comment from
>> Bruce:
>>
>>>> I believe we want to make sure that none of security advisories
>>>> get sent to Discord, wouldn't want to accidentally be going to
>>>> something like #gh-issues.
>> This was a good point and I'm not sure what to do about it.
> Hi James
>
> I created the security-reponse github group and the security-response
> repo just now and made it private.  Please do some testing and make sure
> issues don't find their way into #gh-issues on Discord.
>
> thx - brad

Thanks Brad!

The plan is to write the first issues from real-live but low-severity  
problems which are also common knowledge within the openBMC community.  
Meaning: there will be minimal harm if the problem is disclosed.

- Joseph



More information about the openbmc mailing list