Hi Gary,

On Mon, 25 Mar 2024 at 13:44, Gary Gregory <[email protected]> wrote:
>
> Let's hit PAUSE for a moment and think this through.
>
> This is not in line with the security reporting guidelines of all the
> projects I participate in.
>
> This allows security issues to be disclosed in the wild without our
> getting a chance to address them.

If I understand correctly, the suggestions are visible to the same
people as the code-scanning alerts in the `Security` tab in our GitHub
repository[1].

When I go to the Security tab of the Airflow repo[2], I don't see any
code-scanning alerts. On the other hand in [3] I see everything.

Piotr

[1] https://docs.github.com/en/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository
[2] https://github.com/apache/airflow/security
[3] https://github.com/apache/logging-log4j2/security
