On 18.11.2021 at 14:53, Matthew Weier O'Phinney wrote:

> With Laminas, we use an email alias to allow researchers to report to us.
> We then post the full report as a security issue on GitHub - it's a feature
> they rolled out late 2019/early 2020 that restricts visibility to
> maintainers initially, but allows inviting others to collaborate (we invite
> the reporter immediately, for instance). It also creates a private branch
> for collaboration. When the patch has been merged, you can mark the issue
> public.
>
> If the plan is to move to GH anyways, this could solve security reporting.

Thanks! I wasn't aware of that feature. More info at
<https://docs.github.com/en/code-security/security-advisories/creating-a-security-advisory>.

--
Christoph M. Becker

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php