I'm putting together a list of big and small issues that make us (the curl project) consider switching away from GitHub for security reporting/advisories again:

https://gist.github.com/bagder/ed3268e8745452a53a999d23b7fa1273

*considering* being the operative word, nothing has been decided and I think it's fair to give it some more time first. And some communication to see what can be done, fixed or adjusted.

To be continued.

GitHub Security Advisory wishlist from the curl project

@bagder Related to this, I really wish for a platform, abstract from code hosting solution, which provides a place for open source projects to manage security reports and CVEs, that's not "gamified" for reporters.

I've been moving away from GitHub, but reporting via the Mitre form is slow and cumbersome. I've been searching for something better but have not found anything yet!

@danb maybe one problem is that we all want slightly different things even when we are open source...
@bagder @danb but I mean how hard can it really be to build a platform customizable for those wishes... xD
@bagder @poolitzer easily done in one weekend I'd expect 😅