Missing SECURITY.md
sergiotarxz opened this issue · comments
- Mojolicious version: Commit 37a4c39
- Perl version: Not relevant.
- Operating system: Not relevant.
Steps to reproduce the behavior
GitHub suggests creating a SECURITY.md to make it easier for security researchers to report bugs.
Expected behavior
We should have a SECURITY.md
Actual behavior
We do not have a SECURITY.md.
#2151 fixes this issue, but maybe there is something else which should be added.
Are there any actual advantages to having the file? Please don't open a PR, a core team member will write the content if we decide it's worth having.
GitHub says:
To give people instructions for reporting security vulnerabilities in your project, you can add a SECURITY.md file to your repository's root, docs, or .github folder. When someone creates an issue in your repository, they will see a link to your project's security policy.
If someone finds a security issue in the code, it is possible that they have problems reporting it, searching for the correct email address to contact, for example. SECURITY.md helps them by having a clear point in the code where they can find all the instructions to report an issue.
Since we already have CONTRIBUTING.md, this seems a bit redundant.
Probably true, feel free to close.