• johnyma22@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    4 months ago

    Security related issues should go through responsible disclosure and it’s up to the maintainer to provide such a process or the recently flurry of “opportunistic whitehats” will continue to spam your issues and require triaging…

    Github provides a process for this under the “Security” tab: https://github.com/ether/etherpad-lite/security as an example…

    I find that by having a documented process it filters out a decent amount of time wasters.