Security advisory not functional #2086
Comments
@groundcat can you provide a screenshot or explain why it's not functional? I followed the link and I was able to access a form to submit a report. But since I have admin rights in the repo, perhaps it's working differently. I will need an external example.
The PSL is a static text file. I still scratch my head as to why tf we need to have any security advisory like this for ANY practical reason.
Because we have things like GitHub actions which are really easy to mess up in a way they give people write access to the repo. 😞
Could one of the admins please enable private reporting as described here: https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository#enabling-or-disabling-private-vulnerability-reporting-for-a-repository
This was already discussed in #1856 and we agreed that it would be good to allow for reports related to list infra, not list entries. The security file reflects this decision (as well as the discussion in the pull request). We should just make that change, as suggested by simon above.
@weppos Would you mind? Or just make me an admin maybe?
I enabled the feature. Can someone give it another try and confirm it works? I am unable to test, as an admin I could already access it before.
It seems to work. I can access the form, and was able to submit a test report (it now says "Thank you for reporting a vulnerability to publicsuffix/list. Maintainers have been notified and will review your submission.").
@weppos Just FYI: It seems I cannot see the submissions on GitHub so yall will have to handle them.
This is strange. According to GitHub, you should be able to manage them.
Why again is this needed?
Fixed afaiu.
list/SECURITY.md
Line 11 in 4f58803
The security advisory link
https://github.com/publicsuffix/list/security/advisories/new
(added from #1856) is currently not functional and may require some setup to be completed, if necessary.