Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

parser: Create SECURITY.md #1284

Merged
merged 6 commits into from
Aug 30, 2021
Merged

parser: Create SECURITY.md #1284

merged 6 commits into from
Aug 30, 2021

Conversation

s3nt3
Copy link
Contributor

@s3nt3 s3nt3 commented Jul 23, 2021

What problem does this PR solve?

Announce the way and specifications for users to submit vulnerabilities to the tidb security team through Github-Security-Policy.

What is changed and how it works?

Refer to the steps mentioned in add a security policy to your repository to create SECURITY.md.

Check List

Tests

  • No code

@s3nt3
Copy link
Contributor Author

s3nt3 commented Jul 23, 2021

/cc @bb7133

@ti-chi-bot ti-chi-bot requested a review from bb7133 July 23, 2021 05:21
@tangenta
Copy link
Contributor

TiDB is a fast-growing open source database.
The TiDB security team will confirm the vulnerabilities and contact you within 2 working days after your submission.

I don't think these sentences are appropriate because TiDB is not the only user using this repo.

@s3nt3 s3nt3 closed this Jul 23, 2021
@s3nt3
Copy link
Contributor Author

s3nt3 commented Jul 23, 2021
edited
Loading

Hi, @tangenta the main purpose of adding this security policy is to inform users how to submit vulnerabilities. As the sql parser of tidb, the tidb security team is very concerned about the security issues of this repo. We hope that we can accept the security issues reported by the community, and we will also invest in support. Based on the above reasons, I have synchronized tidb's security policy. If the reviewer and maintainer think that the policy statement is inappropriate, welcome to put forward specific suggestions for modification, and I will modify the policy document.

@s3nt3 s3nt3 reopened this Jul 23, 2021
tangenta
tangenta reviewed Jul 26, 2021
View reviewed changes
SECURITY.md Outdated Show resolved Hide resolved
@s3nt3 @tangenta
Update SECURITY.md
2f1fc90 
Co-authored-by: tangenta <[email protected]>
tangenta
tangenta reviewed Jul 26, 2021
View reviewed changes
SECURITY.md Outdated Show resolved Hide resolved
tangenta
tangenta reviewed Jul 26, 2021
View reviewed changes
SECURITY.md Outdated Show resolved Hide resolved
tangenta
tangenta reviewed Jul 26, 2021
View reviewed changes
SECURITY.md Outdated Show resolved Hide resolved
@tangenta
Copy link
Contributor

Rest LGTM

s3nt3 and others added 3 commits July 27, 2021 09:46
@s3nt3 @tangenta
Update SECURITY.md
cd5f628 
Co-authored-by: tangenta <[email protected]>
@s3nt3 @tangenta
Update SECURITY.md
e5c61cc 
Co-authored-by: tangenta <[email protected]>
@s3nt3 @tangenta
Update SECURITY.md
15d8fe4 
Co-authored-by: tangenta <[email protected]>
@s3nt3
Copy link
Contributor Author

s3nt3 commented Jul 27, 2021

@tangenta Thanks a lot for your suggestions, I have updated it.

@ti-chi-bot
Copy link
Member

ti-chi-bot commented Jul 27, 2021
edited
Loading

[REVIEW NOTIFICATION]

This pull request has been approved by:

  • morgo
  • tangenta

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

@ti-chi-bot
Copy link
Member

@dveeden: Thanks for your review. The bot only counts approvals from reviewers and higher roles in list, but you're still welcome to leave your comments.

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.

@morgo morgo self-requested a review August 30, 2021 15:21
@ti-chi-bot ti-chi-bot added status/LGT2 LGT2 and removed status/LGT1 LGT1 labels Aug 30, 2021
@morgo
Copy link
Contributor

morgo commented Aug 30, 2021

/merge

@ti-chi-bot
Copy link
Member

This pull request has been accepted and is ready to merge.

Commit hash: 15d8fe4

@ti-chi-bot
Copy link
Member

@s3nt3: Your PR was out of date, I have automatically updated it for you.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.

@ti-chi-bot ti-chi-bot merged commit e2a7449 into pingcap:master Aug 30, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tangenta tangenta tangenta approved these changes

@dveeden dveeden dveeden approved these changes

@morgo morgo morgo approved these changes

@bb7133 bb7133 Awaiting requested review from bb7133

Assignees
No one assigned
Labels
first-time-contributor status/can-merge status/LGT2 LGT2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@s3nt3 @tangenta @ti-chi-bot @morgo @dveeden