Affirm that gitdb and smmap advisories can also be created #1991
770e4b8 to 0459b9a
This expands `SECURITY.md` to affirm the claims in the new `SECURITY.md` files in gitdb and smmap that vulnerabilities found in them can be reported in the GitPython repository with the same link as one would use to report a GitPython vulnerability, as well as to note how the distinction between affected packages can be specified when it is known at the time a vulnerability is reported. Along with gitpython-developers/smmap#59 and gitpython-developers/gitdb#117, this fixes gitpython-developers/gitdb#116.
0459b9a to b20de09
The setup-wsl action failed on Windows in Python 3.12 here (here's the log). It is extremely unlikely to relate to the actual change in this PR, which modifies only I do wonder if Alpine Linux for WSL is more likely to have this problem than Debian, which was used before and which I believe setup-wsl still downloads from a different source. Edit: Hmm, actually, it failed both in my fork on the
This is odd because it only failed with Python 3.12. But as far as I know, setup-wsl should not be using Python in any way! One possibility is that there was a temporary outage in access to the download, and that because this push was after the PR was opened (it was a force push to fix a typo), the jobs started at almost the same time, and thus reached that step at almost the same time, where they both encountered the transient error at the same time. Edit 2: It reran successfully.
Thanks a lot, this will do perfectly!
The links in gitpython-developers#1991 did not work, as I got the branch names wrong.
Actually, the links I added are broken! The branch name part of the URLs is wrong, so they give not-found errors. (I had tested the links from gitdb and smmap to here, but not the ones here to gitdb and smmap.) I've opened #1992 to fix this.