We should get a policy defined for the org and can define it in one place in this repo. We've needed one for a while anyway, but semantic-release/semantic-release#2449 revealing a vulnerability publicly rather than doing coordinated disclosure by starting the conversation privately highlights further that outlining a policy could be a helpful reminder for users that are looking to contact us.
The complication involved in defining a policy is that there is no way built into GitHub for initiating the private conversation, leaving email as the best option for initial contact. In order to avoid revealing the personal email addresses of our maintainers in a public file, it would be better if we could set up a security address that could be routed to maintainers through the semantic-release.org domain.
If we're ok with moving the domain to Cloudflare, I recommend that we use their email routing service:
I've created a Cloudflare org/account and can invite maintainers to that org, but would need info about an existing personal Cloudflare account to do so.
The domain transfer is quick and painless. I've moved several to Cloudflare and have been happy with managing domains there.