
Security Policy for the Community Standards #1859

juanpabloduqueo opened this issue Jul 27, 2024 · 3 comments · May be fixed by #1886

Comments

@juanpabloduqueo

Hi Librosa admins!

As part of my Open Source Software course, I am required to explore OSS projects. Since Librosa is a library I'm currently using to learn how to process audio files for Deep Learning and I have really enjoyed using it, I decided to delve into Librosa's repository.

While looking at the Community Standards, I noticed that there is no security policy in place:


Is this something you'd consider worth implementing?

Thank you for creating such nice software!

@bmcfee
Member

bmcfee commented Jul 29, 2024

Thanks for this!

We've never had a security policy before because it didn't seem relevant - we're a purely python project, and all file or network IO is done through third party libraries. It seems likely that any vulnerabilities reported to us would actually come from our dependencies, and we'd end up fielding reports that we really shouldn't be. (This is just a guess, but we do get this kind of thing quite often for general bugs.)

Do you have a sense of what could go in such a document in our case?

@juanpabloduqueo
Author

Thank you for your answer @bmcfee! I believe that your response makes sense :)

I really don't have the expertise on the subject to provide recommendations on this policy. I'm sorry :(

@bmcfee
Member

bmcfee commented Aug 9, 2024

Ok, well let's leave this issue up as a placeholder in case anyone with security know-how wants to take it on.

Alternatively, it might be useful to see what comparable "mid-level" python packages (i.e., pure python and above the numpy/scipy/matplotlib stack) do for this sort of thing.

@bmcfee bmcfee linked a pull request Dec 4, 2024 that will close this issue