Skip to content

Inadvertent disclosure#36155

Closed
mhdawson wants to merge 10 commits intonodejs:masterfrom
mhdawson:inadvertant-disclosure
Closed

Inadvertent disclosure#36155
mhdawson wants to merge 10 commits intonodejs:masterfrom
mhdawson:inadvertant-disclosure

Conversation

@mhdawson
Copy link
Member

@mhdawson mhdawson commented Nov 17, 2020

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • documentation is changed or added
  • commit message follows commit guidelines

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Nov 17, 2020
edited by mhdawson
Loading

Review requested:

  • @nodejs/tsc

@nodejs-github-bot nodejs-github-bot added the c++ Issues and PRs that require attention from people who are familiar with C++. label Nov 17, 2020
@cjihrig
Copy link
Contributor

cjihrig commented Nov 17, 2020

Are the n-api changes here intentional?

mmarchini
mmarchini reviewed Nov 17, 2020
View reviewed changes
doc/guides/collaborator-guide.md Outdated
Copy link
Contributor

@mmarchini mmarchini Nov 17, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Link to the repository? Or should we keep it without a link on purpose?

Also, I assume it will be a repo on nodejs-private?

Copy link
Member Author

@mhdawson mhdawson Nov 18, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've not created the repo yet, but a link makes sense. It should only be accessible to those who have access to private repos within the org

Copy link
Member Author

@mhdawson mhdawson Nov 18, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mmarchini added the link in the first reference, not sure if we need to make all references a link or not.

Copy link
Member Author

@mhdawson mhdawson Nov 18, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, I assume it will be a repo on nodejs-private?

No, its a private repo in the nodejs org as I don't believe we can move issues across organizations.

Copy link
Contributor

@mmarchini mmarchini Nov 18, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see. The downside is that folks who have access to private repos in this org but not on the repo we usually use for security releases will have access to the issue. It's probably fine though, it only means some folks in moderation and CommComm will have access to the issue even when they don't have access to security release discussions (which is still better than keeping the issue public).

Copy link
Member Author

@mhdawson mhdawson Nov 19, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mmarchini

which is still better than keeping the issue public

+1

@mhdawson
doc: add process for handling premature disclosure
83c1c12 
Add process for handling premature disclosure of
a security vulnerability in the public repos.

Signed-off-by: Michael Dawson <mdawson@devrus.com>
@mhdawson mhdawson force-pushed the inadvertant-disclosure branch from 06b7d65 to 83c1c12 Compare November 18, 2020 18:33
mhdawson
mhdawson commented Nov 18, 2020
View reviewed changes
@Flarna Flarna removed the c++ Issues and PRs that require attention from people who are familiar with C++. label Nov 18, 2020
richardlau
richardlau reviewed Nov 19, 2020
View reviewed changes
mcollina
mcollina approved these changes Nov 19, 2020
View reviewed changes
Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

mhdawson and others added 3 commits November 20, 2020 10:50
@mhdawson @richardlau
Update doc/guides/collaborator-guide.md
9bc5247 
Co-authored-by: Richard Lau <rlau@redhat.com>
@mhdawson @richardlau
Update doc/guides/collaborator-guide.md
c97676c 
Co-authored-by: Richard Lau <rlau@redhat.com>
@mhdawson
fixup[
7e4de86
mmarchini
mmarchini approved these changes Nov 20, 2020
View reviewed changes
Copy link
Contributor

@mmarchini mmarchini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm. I think we need to open a request on nodejs/admin to create the repository, correct?

@mhdawson @mmarchini
Update doc/guides/collaborator-guide.md
efe89c4 
Co-authored-by: mary marchini <oss@mmarchini.me>
@mhdawson mhdawson mentioned this pull request Nov 23, 2020
Closed
@mhdawson
Copy link
Member Author

mhdawson commented Nov 23, 2020

@mmarchini good call on creating the request in admin. Here is the list: nodejs/admin#573

mhdawson added a commit that referenced this pull request Nov 30, 2020
@mhdawson
doc: add process for handling premature disclosure
9cf2341 
Add process for handling premature disclosure of
a security vulnerability in the public repos.

Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: #36155
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Mary Marchini <oss@mmarchini.me>
Reviewed-By: Rich Trott <rtrott@gmail.com>
@mhdawson
Copy link
Member Author

mhdawson commented Nov 30, 2020

Landed as 9cf2341

@mhdawson mhdawson closed this Nov 30, 2020
danielleadams pushed a commit that referenced this pull request Dec 7, 2020
@mhdawson @danielleadams
doc: add process for handling premature disclosure
0401ffb 
Add process for handling premature disclosure of
a security vulnerability in the public repos.

Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: #36155
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Mary Marchini <oss@mmarchini.me>
Reviewed-By: Rich Trott <rtrott@gmail.com>
@danielleadams danielleadams mentioned this pull request Dec 7, 2020
Merged
cjihrig pushed a commit to cjihrig/node that referenced this pull request Dec 8, 2020
@mhdawson @cjihrig
doc: add process for handling premature disclosure
aac6bc1 
Add process for handling premature disclosure of
a security vulnerability in the public repos.

Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: nodejs#36155
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Mary Marchini <oss@mmarchini.me>
Reviewed-By: Rich Trott <rtrott@gmail.com>
targos pushed a commit that referenced this pull request May 1, 2021
@mhdawson @targos
doc: add process for handling premature disclosure
280d1b0 
Add process for handling premature disclosure of
a security vulnerability in the public repos.

Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: #36155
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Mary Marchini <oss@mmarchini.me>
Reviewed-By: Rich Trott <rtrott@gmail.com>
@danielleadams danielleadams mentioned this pull request May 3, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ljharb ljharb ljharb left review comments

@mcollina mcollina mcollina approved these changes

@Trott Trott Trott approved these changes

@richardlau richardlau richardlau approved these changes

+1 more reviewer

@mmarchini mmarchini mmarchini approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

9 participants

@mhdawson @nodejs-github-bot @cjihrig @ljharb @mcollina @Trott @mmarchini @richardlau @Flarna

Comments