From 0d1b6a7b1682f98839001287f5b4724f4a2ef154 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Wed, 31 Jan 2024 18:09:29 -0500 Subject: [PATCH 1/2] SECURITY: make conduct section, warn against weaponized PRs Signed-off-by: William Woodruff --- SECURITY.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 3ef89aaf..721a60b0 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -39,10 +39,12 @@ The following do not constitute security vulnerabilities in Homebrew: - security vulnerabilities in software used by but not written by Homebrew - nominal clickjacking and similar attacks against our static, GitHub Pages websites -While researching, we'd like to ask you to refrain from: +## Conduct + +While researching, we ask you to refrain from: - Denial of service - Spamming - Social engineering (including phishing) of Homebrew maintainers or contributors - Any physical attempts against Homebrew's machines - +- Testing discoveries on Homebrew's CI/CD or other services by filing public PRs containing weaknesses From 2eba434f3409a3899e3b6e8d92c672a30bdd375b Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Wed, 31 Jan 2024 22:54:32 -0500 Subject: [PATCH 2/2] Update SECURITY.md Co-authored-by: Bo Anderson --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 721a60b0..5f63865a 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -47,4 +47,4 @@ While researching, we ask you to refrain from: - Spamming - Social engineering (including phishing) of Homebrew maintainers or contributors - Any physical attempts against Homebrew's machines -- Testing discoveries on Homebrew's CI/CD or other services by filing public PRs containing weaknesses +- Performing vulnerability research in public, such as testing discoveries by opening pull requests to Homebrew's public repositories without prior written approval
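Review bot: the new bullet in the first hunk, "Testing discoveries on Homebrew's CI/CD or other services by filing public PRs containing weaknesses", is both too narrow and ambiguous: it only names PRs and CI/CD, and "PRs containing weaknesses" can be read as covering a PR that fixes a weakness rather than one that exercises it. The second patch in this series already rewords it to "Performing vulnerability research in public, such as testing discoveries by opening pull requests to Homebrew's public repositories without prior written approval", which is the clearer formulation; consider squashing the two so the ambiguous wording never lands on the default branch. The "## Conduct" heading is inserted mid-section, so check that its level matches the sibling headings in the rest of SECURITY.md, which this hunk does not show.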
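Review bot: "without prior written approval" in the second hunk leaves open who grants the approval and through which channel, so a researcher cannot actually comply from this text alone; add a pointer to the reporting channel described elsewhere in SECURITY.md, if there is one, or a short "ask us first via <channel>" clause. The rewording itself is an improvement over the first patch: it covers any research conducted in public, not only PRs against CI/CD, and drops the ambiguous "PRs containing weaknesses". Consider also splitting the bullet into the rule plus its example, since it is much longer than the neighbouring items ("Spamming", "Denial of service") and the example is the part most likely to need updating.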