SEC: Add security disclosure process to developers page #8545

Closed
westurner opened this issue Oct 12, 2014 · 18 comments · Fixed by #54060

@jreback
Contributor

jreback commented Oct 12, 2014

pls send me a private email and I'll take a look
git log will show my email address

@westurner
Contributor Author

Resolved. Looks like I needed to update to the latest pandas release. Thanks!

@jreback jreback closed this as completed Oct 13, 2014
@westurner
Contributor Author

Going forward, for your project, it would be good to have a documented process for fielding security issues.

@jreback
Contributor

jreback commented Oct 13, 2014

@westurner I get that you want to raise these types of issues. But not sure that this is a pandas issue at all. It may be that the 'use' of pandas is incorrect, so possibly a doc note is in order as pandas is not directly web-facing.

@westurner westurner changed the title SEC: What is the procedure for reporting security issues? SEC: Add security disclosure process to developers page Oct 13, 2014
@jreback
Contributor

jreback commented Oct 13, 2014

I get all this, but what can pandas actually do about this?

@jreback
Contributor

jreback commented Oct 13, 2014

ahh, you want to make this a doc issue, ok with that.

@jreback jreback reopened this Oct 13, 2014
@jreback jreback added the Docs label Oct 13, 2014
@jreback jreback added this to the 0.15.1 milestone Oct 13, 2014
@jreback
Contributor

jreback commented Oct 13, 2014

@westurner ok pull-request for 0.15.1 then!

@westurner
Contributor Author

Document what process for documenting issues and resolution are optimal in a security sensitive context. (e.g. link to a mailing list, or whatever you feel is appropriate)

@jreback jreback modified the milestones: 0.15.2, 0.16.0 Nov 24, 2014
@jreback jreback modified the milestones: 0.16.0, Next Major Release Mar 6, 2015
@westurner
Contributor Author

@westurner
Contributor Author

@gfyoung
Member

gfyoung commented Oct 7, 2017

@westurner : Seems reasonable. You're more than welcome to open a PR to add this!

@mroeschke
Member

This is already added in https://github.com/pandas-dev/pandas/blob/master/.github/SECURITY.md so I think we can close this issue

@westurner
Contributor Author

👍
Duplicate of #27821

@westurner
Contributor Author

Actually, this still isn't on the docs?

Maybe;

  • .. include: ../.github/security.md in the Sphinx docs/

@westurner
Contributor Author

Or would that be unhelpful because the Sphinx docs are in RST instead of the - newer - MyST Markdown?

@mroeschke
Member

Ah good point @westurner, this is not explicitly called out in the docs. Might be good to add a section in https://pandas.pydata.org/docs/development/policies.html with the security policy. I'll reopen this

@mroeschke mroeschke reopened this Feb 3, 2021
@mroeschke mroeschke removed this from the Contributions Welcome milestone Oct 13, 2022
@westurner
Contributor Author

westurner commented Jul 11, 2023 via email
