On 9/05/2021 8:48, Joe Watkins wrote:
I'm aware that bugsnet serves as the disclosure method for security bugs
and github doesn't have a solution to that. Leaving that to one side for
now ...
Just want to weigh in on this item (also mentioned by Stanislav as an
important issue). Although Github doesn't provide a way to submit
security issues in a private way, there is a way to send people in the
right direction for security disclosures. For a simple example :
https://github.com/dask/dask-gateway/issues/new/choose where you can see
the 3rd item can point to a separate URL explaining how to report
security issues. These could either still be submitted to the
bugs.php.net or could use a very simple captcha-enabled form (for
anti-spam) that sends the report to specific people.
Kind regards,
Wim
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php
