Update security section of README #1095

Merged
merged 2 commits into from
Mar 2, 2018

joshbruce
Member

@joshbruce joshbruce commented Feb 27, 2018

Marked version: 0.3.17

Description

Recommendation from @davisjam via comment on #1083 seemed like a good one to me and more in keeping with standard operating procedures within the broader open source community regarding reporting and resolution of security issues (thanks for the education). Modified language to use "committers" and explicitly call out NPM owners.

Right now @chjj and I get all the security-related emails because we are the listed owners of the package in NPM. Having said that, I'm not sure there's much he and I are able to actually do to resolve them (for various reasons).

Might be nice to add emails (or something) for the committers on the AUTHORS page (see Django, for example)...?? I'm all about consent checks, especially with someone's contact information.

Collaborating with someone like @davisjam becomes difficult to accomplish via the internal discussion board (unless I'm showing my ignorance again) because he is not part of the "team" according to GitHub; so, email might be an appropriate alternative.

Contributor

  • Test(s) exist to ensure functionality and minimize regression (if no tests added, list tests covering this PR); or,
  • no tests required for this PR.
  • If submitting new feature, it has been documented in the appropriate places.

Committer

In most cases, this should be a different person than the contributor.

  • Draft GitHub release notes have been updated.
  • cm_autolinks is the only failing test (remove once CI is in place and all tests pass).
  • All lint checks pass (remove once CI is in place).
  • CI is green (no forced merge required).
  • Merge PR

@joshbruce joshbruce changed the title Update readme Update security section of README Feb 27, 2018
@joshbruce joshbruce requested a review from davisjam March 1, 2018 04:55
@joshbruce
Member Author

Merging. @davisjam, this is more your area of expertise; so, please update as you see fit.

@joshbruce joshbruce merged commit 4581fee into markedjs:master Mar 2, 2018
@davisjam
Contributor

davisjam commented Mar 2, 2018

LGTM

zhenalexfan pushed a commit to zhenalexfan/MarkdownHan that referenced this pull request Nov 8, 2021
4 participants