Add security guidelines #1329

Merged: 2 commits, Nov 9, 2019

@terhorstd terhorstd commented Oct 31, 2019

This file defines the NEST security infrastructure, as discussed in the NEST-Initiative Board.

The information will also be available in the project's Security Advisories page on GitHub (see next to Wiki above).

@terhorstd added labels on Oct 31, 2019:
- ZC: Infrastructure: DO NOT USE THIS LABEL
- I: No breaking change: Previously written code will work as before, no one should note anything changing (aside the fix)
- ZP: PR Created: DO NOT USE THIS LABEL
- S: Normal: Handle this with default priority
- T: Maintenance: Work to keep up the quality of the code and documentation.

@jougs jougs left a comment

Fine with me, once my inline comments are addressed.

@Silmathoron

Out of curiosity, what kind of security issues are we talking about here?

add language corrections by @jougs

Co-Authored-By: Jochen Martin Eppler <[email protected]>
@terhorstd

I think many things can be considered security-related bugs. Basically anything that raises concerns of the user or machine/network admins. Main point is to define a way of contacting the developers on a secure channel. If a user would find a way to do any mischief with the simulator, it wouldn't be a good idea to put that into normal issue tracking or onto the mailing list. This of course assumes (a) something like this is possible, however unlikely, and (b) that it is a person who is not trying to be next year's supervillain.

@jougs jougs left a comment

Thanks for accepting my suggestions. I think this is better than having nothing and we always address further changes in future PRs. I'm thus merging without waiting for more reviews.

@jougs jougs merged commit c0b3eb3 into nest:master Nov 9, 2019
@terhorstd terhorstd deleted the security-guidelines branch November 11, 2019 14:48

@heplesser heplesser left a comment

@terhorstd Good work!
