doc: revise security-reporting text in README #23407
Conversation
Simplify and clarify the security-reporting text in the README. Now is also probably a good time to ping the security triage folks to make sure the text is still accurate.
|
How do I find out who is on [email protected] so I can ask them if the current text and these changes are accurate? I can just email the address, I suppose, but what if I wanted to audit who is on the list? @nodejs/security-wg |
|
what is that nodejs forwarding address for? seems to be an alias to the HackerOne Node core program? If so, @vdeturckheim should have access to see who is participating there. Text LGTM. |
[email protected] is the address we ask people to use when reporting security vulnerabilities in Node.js core. The alias is defined in https://github.com/nodejs/email/blob/31a4b5cd3791d4cf14c484ac07574da0647921ee/iojs.org/aliases.json#L46-L51. That's basically all I know, though. Although I imagine I could find more digging through git history and issue trackers spread out across the org. I'm hoping someone knows and will provide the answer, though. |
|
Got it. I wasn't aware that we forward that directly to HackerOne. |
|
I theory the list is here https://github.com/nodejs/security-wg/blob/master/processes/security_team_members.md#team-that-triages-security-reports-against-node-core but it is highly outdated. I'll PR the updated list after lunch |
|
So I updated the list as of nodejs/security-wg#414 |
|
OK, so for this change, /ping @cjihrig @indutny @jasnell @mcollina @mhdawson @MylesBorins @rvagg @vdeturckheim |
Trott
added
the
author ready
Simplify and clarify the security-reporting text in the README. Now is also probably a good time to ping the security triage folks to make sure the text is still accurate. PR-URL: nodejs#23407 Reviewed-By: Sakthipriyan Vairamani <[email protected]> Reviewed-By: Yuta Hiroto <[email protected]> Reviewed-By: Myles Borins <[email protected]> Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: James M Snell <[email protected]>
|
Landed in bcbb937 |
Simplify and clarify the security-reporting text in the README. Now is also probably a good time to ping the security triage folks to make sure the text is still accurate. PR-URL: #23407 Reviewed-By: Sakthipriyan Vairamani <[email protected]> Reviewed-By: Yuta Hiroto <[email protected]> Reviewed-By: Myles Borins <[email protected]> Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: James M Snell <[email protected]>
Simplify and clarify the security-reporting text in the README. Now is also probably a good time to ping the security triage folks to make sure the text is still accurate. PR-URL: #23407 Reviewed-By: Sakthipriyan Vairamani <[email protected]> Reviewed-By: Yuta Hiroto <[email protected]> Reviewed-By: Myles Borins <[email protected]> Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: James M Snell <[email protected]>
Simplify and clarify the security-reporting text in the README. Now is also probably a good time to ping the security triage folks to make sure the text is still accurate. PR-URL: #23407 Reviewed-By: Sakthipriyan Vairamani <[email protected]> Reviewed-By: Yuta Hiroto <[email protected]> Reviewed-By: Myles Borins <[email protected]> Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: James M Snell <[email protected]>
Simplify and clarify the security-reporting text in the README. Now is also probably a good time to ping the security triage folks to make sure the text is still accurate. PR-URL: #23407 Reviewed-By: Sakthipriyan Vairamani <[email protected]> Reviewed-By: Yuta Hiroto <[email protected]> Reviewed-By: Myles Borins <[email protected]> Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: James M Snell <[email protected]>
Simplify and clarify the security-reporting text in the README. Now is also probably a good time to ping the security triage folks to make sure the text is still accurate. PR-URL: #23407 Reviewed-By: Sakthipriyan Vairamani <[email protected]> Reviewed-By: Yuta Hiroto <[email protected]> Reviewed-By: Myles Borins <[email protected]> Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: James M Snell <[email protected]>
Simplify and clarify the security-reporting text in the README. Now is also probably a good time to ping the security triage folks to make sure the text is still accurate. PR-URL: #23407 Reviewed-By: Sakthipriyan Vairamani <[email protected]> Reviewed-By: Yuta Hiroto <[email protected]> Reviewed-By: Myles Borins <[email protected]> Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: James M Snell <[email protected]>
Simplify and clarify the security-reporting text in the README. Now is
also probably a good time to ping the security triage folks to make sure
the text is still accurate.
Checklist
make -j4 test(UNIX), orvcbuild test(Windows) passes