Gabriela Gutierrez

Results 45 comments of Gabriela Gutierrez

Hey! Friendly ping here. Do you think it would be useful to add a security policy to the repository? If not we can close as not planned, otherwise I will...

Sure, rewriting the whole release process using GitHub workflows will be more challenging. Still, I was thinking of a smaller temporary solution. I’ll describe it below so you can see...

Got it. Thanks for the clarification!

Hey! Friendly ping here. This issue has been idle for quite some time. Do you plan on considering these changes? Otherwise we can close it as not planned. I will...

May I suggest that we also change the check description to make it clear we are verifying if the project completed the OpenSSF Best Practices form? Because, with the current...

> I think you're using the term "badge" to mean a graphical image, but in the "best practices badge" we mean the _English_ word, that is, something like an indication...

> If I understand you correctly, that sounds like a bug, let's not enshrine that. I may not be understanding you correctly. Where's the code that does the evaluation?

https://github.com/ossf/scorecard/blob/2bde7ca25be9bdc798a6e6ca40e192a24058e2b4/checks/evaluation/cii_best_practices.go#L44

Hi @JamesLMilner! Yes, here are a few examples:

- https://github.com/emscripten-core/emscripten/security/policy
- https://github.com/dustin/go-humanize/security/policy
- https://github.com/Cyan4973/xxHash/security/policy

About contacting the maintainers privately, GitHub has a [Private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability) feature, currently in public beta. Private reports are...

Hi! Friendly ping here. Do you still plan on considering this change? Otherwise we can close as not planned for now :)