[heroes] Security Alerts für openSUSE Repos
Correcting mail address of Marcus.... Hi all, as I get (as one of the org admins) several security alerts (repeatedly) from GitHub were dependencies are old/outdated and a severe problem for some openSUSE projects (like e.g. OSEM, TSP or searchPage) which affects quite a number of openSUSE users. Unfortunately, this needs to be enabled PER REPO that non-org-admins can see those alerts. As I find it very important, that you security guys can see this [Robert, Johannes and Marcus - nospecificorderhere :)] I will take the responsibility as openSUSE hero and add you to these repos security alerts with your mail adress, as soon as I get the report. As we have more than 400 repos, I can't do this for all repos as there is no API by GitHub to do this right now. See here: https://github.community/t5/GitHub-API-Development-and/Security-vulnerabilit... Also I will try to forward you the security reports as soon as they enter my Inbox. Best regards, Thorsten -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
On Sat, Sep 14, 2019 at 05:32:25PM +0200, Thorsten Bro wrote:
as I get (as one of the org admins) several security alerts (repeatedly) from GitHub were dependencies are old/outdated and a severe problem for some openSUSE projects (like e.g. OSEM, TSP or searchPage) which affects quite a number of openSUSE users.
Unfortunately, this needs to be enabled PER REPO that non-org-admins can see those alerts.
As I find it very important, that you security guys can see this [Robert, Johannes and Marcus - nospecificorderhere :)]
We agree :) That's why I became github owner a while ago and wrote a script that gives me all those vulnerabilities in a workable format. The mails unfortunately only contain a subset of the vulnerabilities. I contacted developers for each repo and am working with them to get the issues fixed. The ones you listed are my "problem childs" currently, but I'm on it. Thank you for offering :) Johannes -- GPG Key E7C81FA0 EE16 6BCE AD56 E034 BFB3 3ADD 7BF7 29D5 E7C8 1FA0 Subkey fingerprint: 250F 43F5 F7CE 6F1E 9C59 4F95 BC27 DD9D 2CC4 FD66 SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nuernberg Geschäftsführer: Felix Imendörffer (HRB 247165, AG München) -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
participants (2)
-
jsegitz@suse.de -
Thorsten Bro