Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adds security.md. #1379

Closed
wants to merge 2 commits into from
Closed

Adds security.md. #1379

wants to merge 2 commits into from

Conversation

alesstimec
Copy link
Collaborator

Description

Adds security.md as part of the vulnerability and response.

Engineering checklist

Check only items that apply

  • Documentation updated
  • Covered by unit tests
  • Covered by integration tests

Test instructions

Notes for code reviewers

@alesstimec alesstimec requested a review from a team as a code owner October 1, 2024 08:13
kian99
kian99 reviewed Oct 1, 2024
View reviewed changes
Copy link
Contributor

@kian99 kian99 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Going to https://github.com/Canonical/jimm/security/advisories/new returns a 404

kian99
kian99 previously approved these changes Oct 1, 2024
View reviewed changes
@ale8k
Copy link
Contributor

ale8k commented Oct 1, 2024
edited
Loading

I think this is missing detail, this is really just the temlate they given us but lxd is more in depth.

https://github.com/canonical/lxd/blob/main/SECURITY.md

This is much nicer and also the file name should be capitlised I think...

We should say what versions we're willing to fix. I.e., juju last major latest minor, current, and maybe next major?...

ale8k
ale8k requested changes Oct 1, 2024
View reviewed changes
Copy link
Contributor

@ale8k ale8k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

requesting changes on file name and some details on what we're willing to fix (i.e., versioning)

kian99
kian99 reviewed Oct 1, 2024
View reviewed changes
SECURITY.md
Comment on lines +9 to +13
The LXD GitHub admins will be notified of the issue and will work with you
to determine whether the issue qualifies as a security issue and, if so, in
which component. We will then handle figuring out a fix, getting a CVE
assigned and coordinating the release of the fix to the various Linux
distributions.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This needs fixing to be about JAAS not LXD and the bit at the end about "various Linux distributions" doesn't apply.

ale8k
ale8k approved these changes Oct 2, 2024
View reviewed changes
Copy link
Contributor

@ale8k ale8k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

bar kians comment

@alesstimec alesstimec closed this Oct 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kian99 kian99 kian99 left review comments

@ale8k ale8k ale8k approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@alesstimec @ale8k @kian99