Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: add a SECURITY.md file #18

Merged
merged 1 commit into from
Oct 21, 2024
Merged

docs: add a SECURITY.md file #18

merged 1 commit into from
Oct 21, 2024

Conversation

AliSajid
Copy link
Member

@AliSajid AliSajid commented Oct 21, 2024
edited
Loading

TL;DR

Added a SECURITY.md file to establish a security policy for the project.

What changed?

  • Created a new SECURITY.md file
  • Defined supported Neovim versions (current and previous three releases)
  • Outlined the process for reporting vulnerabilities
  • Established a vulnerability disclosure timeline

How to test?

  1. Review the SECURITY.md file to ensure it contains the correct information
  2. Verify that the supported versions table is accurate
  3. Check that the vulnerability reporting process is clear and includes the correct email address
  4. Confirm that the disclosure timeline is properly stated

Why make this change?

This change enhances the project's security practices by:

  1. Clearly communicating which Neovim versions are supported
  2. Providing a structured process for reporting security vulnerabilities
  3. Setting expectations for vulnerability resolution timeframes
  4. Demonstrating commitment to maintaining a secure codebase

These measures help build trust with users and contributors while establishing a framework for addressing potential security issues.

@graphite-app Graphite App
Copy link

graphite-app bot commented Oct 21, 2024

Your org has enabled the Graphite merge queue for merging into main

Add the label “merge-queue” to the PR and Graphite will automatically add it to the merge queue when it’s ready to merge.

You must have a Graphite account and log in to Graphite in order to use the merge queue. Sign up using this link.

@AliSajid Graphite App
Copy link
Member Author

AliSajid commented Oct 21, 2024
edited
Loading

This stack of pull requests is managed by Graphite. Learn more about stacking.

Join @AliSajid and the rest of your teammates on Graphite Graphite

This was referenced Oct 21, 2024
Merged
Merged
Merged
Merged
Merged
@AliSajid AliSajid force-pushed the 10-20-build_add_a_codeowners_file branch from 9d07c35 to 03503be Compare October 21, 2024 18:06
@AliSajid AliSajid force-pushed the 10-21-docs_add_a_security.md_file branch from 60c7313 to e5d8e32 Compare October 21, 2024 18:06
Base automatically changed from 10-20-build_add_a_codeowners_file to main October 21, 2024 18:14
@AliSajid AliSajid force-pushed the 10-21-docs_add_a_security.md_file branch from e5d8e32 to 86e346d Compare October 21, 2024 18:15
@AliSajid AliSajid changed the base branch from main to next October 21, 2024 18:15
@AliSajidImami AliSajidImami changed the base branch from next to main October 21, 2024 18:16
@graphite-app Graphite App
Copy link

graphite-app bot commented Oct 21, 2024
edited by AliSajid
Loading

Merge activity

  • Oct 21, 2:18 PM EDT: A user added this pull request to the Graphite merge queue.
  • Oct 21, 2:21 PM EDT: The Graphite merge queue couldn't merge this PR because it failed for an unknown reason.
  • Oct 21, 3:15 PM EDT: The merge label 'merge-queue' was detected. This PR will be added to the Graphite merge queue once it meets the requirements.
  • Oct 21, 3:15 PM EDT: A user added this pull request to the Graphite merge queue.
  • Oct 21, 3:19 PM EDT: The Graphite merge queue couldn't merge this PR because it failed for an unknown reason.
  • Oct 21, 3:20 PM EDT: The merge label 'merge-queue' was detected. This PR will be added to the Graphite merge queue once it meets the requirements.
  • Oct 21, 3:20 PM EDT: A user added this pull request to the Graphite merge queue.
  • Oct 21, 3:24 PM EDT: The Graphite merge queue couldn't merge this PR because it failed for an unknown reason.
  • Oct 21, 7:28 PM EDT: The merge label 'merge-queue' was detected. This PR will be added to the Graphite merge queue once it meets the requirements.
  • Oct 21, 7:28 PM EDT: A user added this pull request to the Graphite merge queue.
  • Oct 21, 7:32 PM EDT: The Graphite merge queue couldn't merge this PR because it failed for an unknown reason.
  • Oct 21, 7:42 PM EDT: The merge label 'merge-queue' was detected. This PR will be added to the Graphite merge queue once it meets the requirements.
  • Oct 21, 7:42 PM EDT: A user added this pull request to the Graphite merge queue.
  • Oct 21, 7:45 PM EDT: A user merged this pull request with the Graphite merge queue.

@AliSajid AliSajid changed the base branch from main to next October 21, 2024 23:41
@AliSajid AliSajid changed the base branch from next to main October 21, 2024 23:42
@AliSajid AliSajid force-pushed the 10-21-docs_add_a_security.md_file branch from 86e346d to e1cde76 Compare October 21, 2024 23:43
@graphite-app graphite-app bot merged commit e1cde76 into main Oct 21, 2024
10 checks passed
@graphite-app graphite-app bot deleted the 10-21-docs_add_a_security.md_file branch October 21, 2024 23:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AliSajidImami AliSajidImami AliSajidImami approved these changes

Assignees
No one assigned
Labels
merge-queue
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AliSajid @AliSajidImami