author | Anthon van der Neut <anthon@mnt.org> | 2017-07-18 18:35:54 +0200 |
---|---|---|
committer | Anthon van der Neut <anthon@mnt.org> | 2017-07-18 18:35:54 +0200 |
commit | d5e044783217b2814126593e996282314386f1da (patch) | |
tree | db7720c378b073d5c002dba7f6490f9e18fb229c /_doc | |
parent | b7291f6b881ab9daa1b9a359f56d520b995b6a14 (diff) | |
download | ruamel.yaml-d5e044783217b2814126593e996282314386f1da.tar.gz |
added vulnerabilities action
Diffstat (limited to '_doc')
-rw-r--r-- | _doc/contributing.ryd | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/_doc/contributing.ryd b/_doc/contributing.ryd index 3b093d1..9cb74b2 100644 --- a/_doc/contributing.ryd +++ b/_doc/contributing.ryd @@ -62,7 +62,7 @@ not work (at least not until these commands are fixed to support packages with namespaces). You can install ``tox``, ``pytest``, ``mypy`` and ``flake8`` in the Python3 -``virtualenv``, or in ``virtualenv``s of their own. If all of these commands +``virtualenv``, or in a ``virtualenv`` of their own. If all of these commands pass without warning/error, you can create your pull-request. Flake @@ -120,3 +120,16 @@ contact me):: LICENSE _ryd/conf.py -ryd/Makefile + + +Vulnerabilities +=============== + +If you find a vulnerability in ``ruamel.yaml`` (e.g. that would show the ``safe`` +and ``rt`` loader are not safe due to a bug in the software)), please contact me +directly via email, or by leaving a comment on StackOverflow (below any of my +posts), without going into the details of the vulnerability. After contact is +estabilished I will work to eliminate the vulnerability in a timely fashion. +After the vulnerability is removed, and affected parties notified to allow them +to update versions, the vulnerability will be published, and your role in +finding/resolving this properly attributed.
\ No newline at end of file |
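Review bot: In the added Vulnerabilities section, the parenthetical in the first sentence ends with "software))", leaving an unbalanced closing parenthesis, and "estabilished" should be "established". The section asks reporters to make contact "directly via email" but gives no address in these lines, so the only channel it actually names is a public StackOverflow comment; consider stating the address here. The file also now ends without a trailing newline, which is worth adding.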