> On 19. Jun 2020, at 11:47, Radosław Antoniuk <radek.anton...@gmail.com> wrote:
>
>> I would be surprised if we wouldn't regularly get 0-days because people with
>> just a GH account don't bother to do it properly, and just report issues on
>> GH. If that is enabled in repos without someone regularly reviewing incoming
>> issues, or by a maintainer who's unaware of how we handle security issues in
>> the project, reports may linger in public for months or even years.
>
> How about just using a "security" label that shall be added by the maintainer
> and pull all labelled issues automatically via a bot?

How would that work

> in repos without someone regularly reviewing incoming issues, or by a
> maintainer who's unaware of how we handle security issues in the project

?
--
You received this message because you are subscribed to the Google Groups
"Jenkins Developers" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-dev/4E2EB711-EFBA-4065-9BA2-CB69634D55E0%40beckweb.net.