Open
Description
I couldn't find any information regarding handling of incidents / security problems on this repository. As this is IMHO quite important for a web-framework it would be nice to have some sort of contact information (email + pgp preferred over proprietary chats) and information about how to proceed further, what steps are executed and how quickly responses can be expected.
Some proposals:
- Add a security policy via github. If a
SECURITY.mdfile is found in the root of the repository, it is included in the About section. - Add a section in the README on how to establish contacts regarding security considerations
Metadata
Metadata
Assignees
Labels
No labels