On Thu, 18 Jun 2020 at 21:44, James Nord <jamestn...@gmail.com> wrote:
> > am I missing something in this thread > > security reports? > > currently they are all triaged by the security team so the team can track > disclosure deadlines etc. > how would that worknif the plugin is usimg GH issues? (yes I know gh > issues can now handle security reports but does that mean the security team > members need admin on all plugin repos, are they supposed to be watching > more places for reports etc) > The security team already uses a different project in Jira to everyone else, I don't think we need to change that currently, maintainers will just use whatever the security team decides I would think? Mentioned this earlier: > One thing I think is important to mention is that the security project can be a special case and should be fine to either stay on jira or possibly there’s a better tool for it, we shouldn’t block a move because the security project has a very well defined process that works well in Jira > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to jenkinsci-dev+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-dev/7edfc904-18b1-4b99-9301-930dee549cd0o%40googlegroups.com > . > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAH-3Bid81HEKBBJpbk2wNm-s29_OT_rZEOQy0btkGd87nszNxA%40mail.gmail.com.
