One thing that seems to have gotten hidden from the GitHub announcements is actually THE MOST VALUABLE feature for open source maintainers:

The ability to have private discussions and code review about security vulnerabilities WITHIN your repo.


@geekgonecrazy Now only GitHub potentially knows about them. Would that still be enough for embargoed stuff? 🤔

@brejoc I’m not sure! It seems like they designed with that process in mind. I still haven’t tried it out. But it looks like you can directly review code attached to reports. Then you can also control visibility. Very interesting feature. But time will tell how well they did this.
