>> Regarding Security issues - maybe GH new Security Advisories hub could
>> be used for that?
>>
>> https://help.github.com/en/github/managing-security-vulnerabilities/about-github-security-advisories
>> https://github.blog/2020-05-26-giving-credit-for-security-advisories/

> Our usual workflow is documented in some detail in
> https://www.jenkins.io/security/for-maintainers/ and I don't see how this
> helps with that at all. Could you elaborate?

Thanks for the link. I'm imagining it in exactly the same way because GH
follows the same principle for security vulnerability reporting:
https://docs.github.com/en/github/managing-security-vulnerabilities/permission-levels-for-security-advisories

Let me know if I missed something, but for me this process looks exactly the
same when we replace Jira with the GH Security Advisories system described
above.
The only thing I see missing here is probably the possibility for non-write
members to be able to create the private security advisory, but I can
imagine this could be solved via a workflow or a common mailbox.

Other than that, do you have any review comments on
https://github.com/jenkinsci/.github/pull/42 ?



-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAPe2pWifJ%2BuexSS%2B2EieE-HOoASHqBjmcQam7Fohp7_nTZ7Y7g%40mail.gmail.com.