Add security policy #478
Add security policy #478
Conversation
There was a problem hiding this comment.
It looks alright.
Note that this is based on the generic template, which is fine if you don't want to keep maintaining this document on a regular basis.
But you also have the option to add specific items regarding any disclosure policy, embedded libraries, usage issues etc.
| Report security issues via email to Daniël van Eeden <[email protected]> | ||
| or via the | ||
| [private security issue reporting feature in GitHub](https://github.com/perl5-dbi/DBD-mysql/security/advisories/new). |
There was a problem hiding this comment.
I think a single point of contact is best, but I can understand for cases where users do not have a github account.
Perhaps put the GitHub reporting first, and your email address as a fallback?
| possible. However, this project is maintained by a single volunteer in | ||
| their spare time, and they cannot guarantee a rapid response. If you |
There was a problem hiding this comment.
Is this project maintained "by a single volunteer" or a team of volunteers?
You can reword this if you want.
There was a problem hiding this comment.
There are multiple people that have permissions and DBD::mysql is part of perl5-dbi which has multiple people.
However in practice it has been just me for the last few years.
Closes #477
I used the email that I've registered with PAUSE. Most other DBI related things seem to be public. And it looks like DBD::CSV didn't actually put in an email address, so that's probably not the best example to follow.
@Tux, any ideas/comments/etc?