From 97249433628b532f4ea6da896a5fa52bdd6f855c Mon Sep 17 00:00:00 2001 From: Gary Ewan Park Date: Wed, 21 Aug 2019 08:03:48 +0100 Subject: [PATCH] (doc) Add security.md file This replaces that current issue template that we have specifically for security related issues. Instead of starting to create a new issue, which is what happens currently, this will simply display the policy to the user. --- .github/ISSUE_TEMPLATE/SecurityDisclosure.md | 8 -------- .github/SECURITY.md | 6 ++++++ 2 files changed, 6 insertions(+), 8 deletions(-) delete mode 100644 .github/ISSUE_TEMPLATE/SecurityDisclosure.md create mode 100644 .github/SECURITY.md diff --git a/.github/ISSUE_TEMPLATE/SecurityDisclosure.md b/.github/ISSUE_TEMPLATE/SecurityDisclosure.md deleted file mode 100644 index 5429941268..0000000000 --- a/.github/ISSUE_TEMPLATE/SecurityDisclosure.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: Security Disclosure / Report -about: Found a security issue? ---- - -STOP RIGHT HERE - DO NOT CREATE A TICKET FOR A SECURITY FINDING IN THE OPEN (HERE OR IN ANY COMMUNITY) - -Security reports should never start out in the open. Please follow up directly with the team if you have a contact. If not you can always start with the information at https://chocolatey.org/security to see instructions on how to provide the disclosure. Thank you! diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 0000000000..fc8bb5354b --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,6 @@ +# Security Policies and Procedures + +Security reports should never start out in the open. Please follow up directly +with the team if you have a contact. If not you can always start with the +information at https://chocolatey.org/security to see instructions on how to +provide the disclosure. Thank you!