Page MenuHomeMiraheze
Create Task
Maniphest T7541

Create CVE policy for extensions managed by Miraheze
Closed, ResolvedPublic
Actions

Description

After the CVE created last night and the disagreements that occurred it's necessary to have a clear written policy that makes it clear when a CVE should be created, what it should contain and and how drafts should be reviewed prior to publication.

Event Timeline

Reception123 triaged this task as High priority.Jun 27 2021, 13:15
Reception123 created this task.
Herald added subscribers: Bukkit, Unknown Object (User), RhinosF1. · View Herald TranscriptJun 27 2021, 13:15
Reception123 moved this task from Radar to Discussion on the Site Reliability Engineering board.Jun 27 2021, 13:16
Redmin subscribed.Jun 27 2021, 17:06
Reception123 added a subscriber: Owen.Jun 28 2021, 06:37
Herald removed a subscriber: Bukkit. · View Herald TranscriptJun 28 2021, 06:37
Owen moved this task from Backlog to External on the Trust & Safety board.Jun 28 2021, 12:58
Reception123 added a comment.Jul 6 2021, 07:41

@Owen Would you be able to provide some comments and suggestions for what you think needs to be considered before opening a security advisory and requesting a CVE from GitHub?

John claimed this task.Aug 20 2021, 18:16
John subscribed.

https://meta.miraheze.org/wiki/Tech:GHSA

Reception123 added a comment.Aug 24 2021, 18:59

The updated GHSA docs/CVE guidance looks good to me.

Herald removed a subscriber: Unknown Object (User). · View Herald TranscriptAug 24 2021, 18:59
John closed this task as Resolved.Aug 25 2021, 17:30