Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update SECURITY.md - Bring it up to par with the one in server #241

Merged
merged 3 commits into from
Oct 26, 2023
Merged

Update SECURITY.md - Bring it up to par with the one in server #241

merged 3 commits into from
Oct 26, 2023

Conversation

joshtrichards
Copy link
Member

Offshoot of nextcloud/server#40966.

One caveat: I think the line added in 6c45691 in the existing Security Policy was probably trying to accommodate maybe either some of the "hosted" but still fairly independent sub-projects and/or maybe a way to accommodate reports about third-party maintained apps.

a) Is my guess accurate?
b) Should we try to accommodate that still?
c) If so, maybe we can find a clearer way to state that?

If a/b/c === true then we can add it to this PR before it gets merged if deemed appropriate.

@joshtrichards
Update SECURITY.md - Bring it up to par with the one in server
b11f39c 
Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
@joshtrichards joshtrichards added 3. to review Waiting for reviews security Security issues labels Oct 23, 2023
@nickvergessen
Copy link
Member

yeah, the sentence or meaning of it should be kept. Too many repos in the nextcloud org are not "maintained" by us and we don't have the resources, but the files from this repo will be used for new repos and when it's missing I think

@joshtrichards
Sec Policy: Add community maintained language
45bcaef 
Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
@joshtrichards
Copy link
Member Author

Alright I attempted to add some updated language for that too. Let me know!

@nickvergessen
Reformulate community section
4dc7d45 
Signed-off-by: Joas Schilling <coding@schilljs.com>
nickvergessen
nickvergessen approved these changes Oct 26, 2023
View reviewed changes
Copy link
Member

@nickvergessen nickvergessen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed the "other apps" sentence a bit and removed trailing spaces

@nickvergessen nickvergessen merged commit 62aa1a1 into master Oct 26, 2023
3 checks passed
@nickvergessen nickvergessen deleted the jr-security-policy-update branch October 26, 2023 06:11
joshtrichards added a commit to nextcloud/server that referenced this pull request Oct 26, 2023
@joshtrichards
Add community/third-party apps note to security policy
e86ba2b 
Just making it match the new global one in nextcloud/.github#241

Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
@joshtrichards joshtrichards mentioned this pull request Oct 26, 2023
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nickvergessen nickvergessen nickvergessen approved these changes

@szaimen szaimen Awaiting requested review from szaimen

Assignees
No one assigned
Labels
3. to review Waiting for reviews security Security issues
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@joshtrichards @nickvergessen