infra-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Martin Desruisseaux (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (INFRA-18087) Would like access to security alerts for Apache SIS on GitHub
Date Wed, 05 Jun 2019 12:28:00 GMT

    [ https://issues.apache.org/jira/browse/INFRA-18087?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16856662#comment-16856662
] 

Martin Desruisseaux commented on INFRA-18087:
---------------------------------------------

Thanks for the reply. Indeed I do not have 2FA activated. I'm slowly progressing in trying
to understand how those things work, the implication on daily use, what I should choose among
the many proposed solutions, etc. I will post back when it will be done.

> Would like access to security alerts for Apache SIS on GitHub
> -------------------------------------------------------------
>
>                 Key: INFRA-18087
>                 URL: https://issues.apache.org/jira/browse/INFRA-18087
>             Project: Infrastructure
>          Issue Type: Task
>          Components: Github
>            Reporter: Martin Desruisseaux
>            Assignee: Gavin
>            Priority: Major
>              Labels: security
>
> Since a few days, pushing on Apache SIS repository causes the following warning to be
emitted:
> GitHub found 1 vulnerability on apache/sis's default branch (1 moderate). To find out
more, visit: https://github.com/apache/sis/network/alerts        
> But attempt to visit the given link results in error 404. According Github help [1],
"By default, we send security alerts to owners and people with admin access in the affected
repositories. You can also enable security alerts for additional people or teams working in
organization-owned repositories." My guess is that I do not have the authorization for viewing
the security alerts (indeed, the "alerts" tab does not appear in my "Insights" page). Would
it be possible to give the authorization for user ID "desruisseaux" on Apache SIS?
> More generally, if there is some way to automatically give this authorization to PMC
members of each project, that could be useful.
> Thanks
> [1] https://help.github.com/en/articles/about-security-alerts-for-vulnerable-dependencies#githubs-security-alerts-for-vulnerable-dependencies



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message