-
Notifications
You must be signed in to change notification settings - Fork 763
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create SECURITY.md #515
base: uinverse
Are you sure you want to change the base?
Create SECURITY.md #515
Conversation
Fred in HR told me we needed this?!? I had to pull 3 all nighters & involve 5 teams to get this done by the deadline. ..
@Gkjsdll I was in that meeting with Fred, he said this was due on 5/28 and not 4/28. I'm glad you got this done under the deadline though. As a reward, we are assigning you more work. |
Unfortunately, the release window for these changes has expired. During that time, the security landscape has changed considerably. Please consider resubmitting this PR after obtaining pre-approval from the new InfraStructureAsCode Security Review Committee as per the email sent out in early June, and resubmitting...this time to the appropriate closed-source-for-security branch of the project. Note that since your PR contains sensitive security related information and you did not submit to the appropriate branch or obtain all necessary approvals, your submission has been flagged and all future PRs will require additional review by the appropriate security team. Please refer to the security policy documents for more information about related additional monitoring of your hardware and online activity for this breach of protocol. |
Hi there! My team leader has been referring to the document added here extensively in our daily scrums but the internal KB has no such material or references; I spent a couple of evenings chasing this down because I am currently involved with handing dependency upgrades for an internal project. Some key thoughts:
I know this is a stale issue but feedback via direct email response would be very welcome |
Thanks for the mail chain this morning - got that all sorted out. |
Citrix is not an approved tool. This is obviously not enterprise quality!!! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Bit of issues with formatting
- Microsoft Word | ||
- ~~Microsoft Paint<sup>[1]</sup>~~ | ||
|
||
macOS TextEdit is in stage 4 of the consideration process, but has not yet passed phase 2 of the brainstorming review pipeline. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's write "MacOS" starting with capital letter, like everywhere else in project.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's write "MacOS" starting with capital letter, like everywhere else in project.
Why not Mac OS X?
Hi all, I believe that we should also approve Windows WordPad as a development environment. It would likely be the best choice for all very serious development As well as that, I suggest also adding very threatening legal text to the security file if the closed source branch is leaked. |
Fred in HR told me we needed this?!? I had to pull 3 all nighters & involve 5 teams to get this done by the deadline. .. Edits are disabled because this was rush-approved by B2B cloud enterprise blockchain security division, and they cannot budget time to review any edits.