suggestion to avoid spam on security ml #796
Pull Request Overview
This PR updates the security guidelines to reduce spam on the security mailing list by clarifying acceptable reporting practices.
- Adds a statement that there’s no active bug bounty program.
- Introduces a "Reports to avoid" section with specific examples and advice for sending security reports.
security.md
Outdated
learning, include you uncertainty in the object/body of the message. | ||
- You are a security researcher: Verify the tool claim and try to develop |
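Review bot: on the first line of this hunk, "object/body of the message" reads as if it means the email subject line; suggest "subject/body of the message" so that reporters know where their uncertainty should be stated.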
Typo in the phrase 'include you uncertainty'; consider replacing it with 'include your uncertainty'.
learning, include you uncertainty in the object/body of the message. | |
- You are a security researcher: Verify the tool claim and try to develop | |
learning, include your uncertainty in the object/body of the message. |
I've cleaned up the language a little bit. Will hold off for approval from @rpwagner since he is assigned but IMO this is safe to merge.
If y'all would like me to just merge these kinds of things in the future, let me know. I want to be respectful of the working practices in the security WG which is why I'm holding off!
Yes, it's good to have other sec members review this, but they are not part of this org, so I can't assign (one more annoyance of multiple orgs). I opened an issue in jupyter security to review this.
No description provided.