
launchpad-reviewers team mailing list archive

Re: [Merge] ~alvarocs/launchpad:feature/security_md_update into launchpad:master

 

Small comment about #1

Diff comments:

> diff --git a/SECURITY.md b/SECURITY.md
> new file mode 100644
> index 0000000..0fc7efd
> --- /dev/null
> +++ b/SECURITY.md
> @@ -0,0 +1,17 @@
> +# Launchpad Security Policy
> +
> +If you discover a security vulnerability, please follow the steps outlined below to report it:
> +
> +1. **Do not** publicly disclose the vulnerability.

If the person is a security researcher, they would publicly disclose it as part of their job. Maybe we can phrase it as "do not disclose it before discussing with us", or we say "subject to the policy below".

> +2. Contact us via email at [feedback@xxxxxxxxxxxxx](mailto:feedback@xxxxxxxxxxxxx).
> +3. Provide detailed information about the vulnerability, including:
> +   - A description of the vulnerability.
> +   - Steps to reproduce the issue.
> +   - Potential impact and affected versions.
> +   - Suggested mitigations, if possible.
> +
> +Alternatively, you may report vulnerabilities via [Launchpad's private bug system](https://bugs.launchpad.net/).
> +
> +The [Ubuntu Security disclosure and embargo policy](https://ubuntu.com/security/disclosure-policy) contains more information about what you can expect when you contact us and what we expect from you.
> +
> +The Launchpad team will be notified of the issue, review the vulnerability, assign a CVE, and coordinate the release of the fix.
> \ No newline at end of file
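
Review bot: The "Alternatively" line links to the root of https://bugs.launchpad.net/ and only calls it "Launchpad's private bug system", so a reporter following it is not told which project to file against or how to make the report private, and could end up filing a public bug, which works against step 1. Suggest linking to the project's bug filing page and stating explicitly that the bug must be marked as a private security bug when it is filed. Step 2 has a similar gap for email: it does not say how sensitive details should be sent confidentially or who reads that mailbox. Minor points: the last paragraph promises "assign a CVE" unconditionally, and "assign a CVE where appropriate" would be more accurate; the file is also missing a trailing newline.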


-- 
https://code.launchpad.net/~alvarocs/launchpad/+git/launchpad/+merge/473581
Your team Launchpad code reviewers is requested to review the proposed merge of ~alvarocs/launchpad:feature/security_md_update into launchpad:master.


