Create SECURITY.md by chris001 · Pull Request #1128 · webmin/webmin · GitHub

Create SECURITY.md #1128

Open: chris001 wants to merge 4 commits into base: master

Conversation

chris001

The purpose of this file is to tell users about the software's security policy, and the address to email a security vulnerability report to the project maintainers.

@iliaross force-pushed the master branch 2 times, most recently from 6ec1f01 to 75f0ca4 (April 13, 2020 21:56)
@chris001
Author

I just noticed an accidentally(?) stolen credit for my Pull Request?:
https://github.com/webmin/webmin/commits/master/SECURITY.md

@swelljoe
Collaborator

What do you believe is stolen? The text of the SECURITY.md you've linked that Jamie committed has no relation to the text of the file in your PR?

I seem to recall we discussed adding a SECURITY.md a while back, maybe in an issue? And, seems like Jamie added it a year ago. Looks to be wholly independent of your PR.

@chris001
Author

The date of my SECURITY.md PR is Oct 16, 2019, ~ 3 years and 5 months ago.
The date on Jamie's is Feb 19, 2022, ~ 1 year 1 month ago, ~ 2 years 3 months after mine.
If adding SECURITY.md was discussed a year ago, maybe in an issue, then that discussion to add SECURITY.md was maybe, probably, triggered by my PR to add SECURITY.md, more than 2 years before that discussion!
My PR was a perfectly good SECURITY.md to get started with in 2019; it would've directed some users, if any, towards where to email in a report. Pretty much every software project on here that has a large user base and runs with highest privilege on an operating system has one of these files in the main directory of the code.
My SECURITY.md had/has a bonus section at the top, where it says only the current version is supported for fixing vulnerabilities, and that current version number is now dynamically equal to the current release version, without any need for someone to edit the version number in the file, very convenient.
Why wasn't my SECURITY.md PR merged in 2019, and then, 3 plus years later in 2022, tweak/edit the how to report section, to what is there now, leaving in my part at the top (supported versions reports are accepted for)?

@iliaross
Collaborator

> My PR was a perfectly good SECURITY.md to get started with in 2019; it would've directed some users, if any, towards where to email in a report. Pretty much every software project on here that has a large user base and runs with highest privilege on an operating system has one of these files in the main directory of the code.

Chris, I'm pretty sure this was unintentional. I assume Jamie just missed it at the time.

> My SECURITY.md had/has a bonus section at the top, where it says only the current version is supported for fixing vulnerabilities, and that current version number is now dynamically equal to the current release version, without any need for someone to edit the version number in the file, very convenient.

This is a good suggestion. Update your PR using Jamie's text and adding your bonus section to the top, and we will merge it.
