[PATCH] D70326: [docs] LLVM Security Group and Process
Kostya Serebryany via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Tue Nov 26 17:49:02 PST 2019
kcc added inline comments.
================
Comment at: llvm/docs/Security.rst:180
+.. _CVE process: https://cve.mitre.org
+.. _chromium issue tracker: https://crbug.com
+.. _GitHub security: https://help.github.com/en/articles/about-maintainer-security-advisories
----------------
crbug.org has been working well for us e.g. for oss-fuzz or for one-off cases like
https://bugs.chromium.org/p/chromium/issues/detail?id=994957
https://bugs.chromium.org/p/chromium/issues/detail?id=606626
GitHub's security advisories are very recent and unclear if the workflow is polished.
E.g. I can't seem to add comments to the advisory once it's public.
I didn't check if these advisories have an API (they should).
Yet, I think we should consider GitHub as the primary candidate because this is where LLVM is and where the majority of OSS people are.
We may need to ask GitHub to implement missing features, if any.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D70326/new/
https://reviews.llvm.org/D70326
More information about the llvm-commits
mailing list