Skip to content

Add guidelines for contacting the security WG to avoid spam etc #796

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 16, 2025
Merged

Add guidelines for contacting the security WG to avoid spam etc #796

merged 3 commits into from
May 16, 2025

Conversation

@Carreau
Copy link
Member

@Carreau Carreau commented Apr 28, 2025

No description provided.

@Carreau Carreau requested a review from Copilot April 28, 2025 11:26
Copilot AI reviewed Apr 28, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates the security guidelines to reduce spam on the security mailing list by clarifying acceptable reporting practices.

  • Adds a statement that there’s no active bug bounty program.
  • Introduces a "Reports to avoid" section with specific examples and advice for sending security reports.

security.md Outdated
Comment on lines 42 to 43
learning, include you uncertainty in the object/body of the message.
- You are a security researcher: Verify the tool claim and try to develop
Copy link

Copilot AI Apr 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo in the phrase 'include you uncertainty'; consider replacing it with 'include your uncertainty'.

Suggested change
learning, include you uncertainty in the object/body of the message.
- You are a security researcher: Verify the tool claim and try to develop
learning, include your uncertainty in the object/body of the message.

Copilot uses AI. Check for mistakes.
Carreau
Carreau commented Apr 28, 2025
View reviewed changes
choldgraf
choldgraf approved these changes Apr 28, 2025
View reviewed changes
Copy link
Collaborator

@choldgraf choldgraf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've cleaned up the language a little bit. Will hold off for approval from @rpwagner since he is assigned but IMO this is safe to merge.

If y'all would like me to just merge these kinds of things in the future, let me know. I want to be respectful of the working practices in the security WG which is why I'm holding off!

@Carreau
Copy link
Member Author

Carreau commented Apr 28, 2025

Yes it's good to have other sec memeber review this, but they are not part of this org, so I can't assign. (one more annoyance of multiple orgs). I open end an issue in jupyter security to review this .

@choldgraf
Copy link
Collaborator

choldgraf commented May 16, 2025

We've got an approval from @minrk as well, so I'm just going to merge this one as I think it's an improvement and it's safe to try!

@choldgraf choldgraf changed the title suggestion to avoid spam on security ml Add guidelines for contacting the security WG to avoid spam etc May 16, 2025
@choldgraf choldgraf merged commit ac4ffae into jupyter:main May 16, 2025
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@minrk minrk minrk approved these changes

@choldgraf choldgraf choldgraf approved these changes

Assignees

@rpwagner rpwagner

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Carreau @choldgraf @minrk @rpwagner