Security page on www.haskell.org

Question

Closed this issue 6 months ago · 3 comments

Hello maintainers,

This issue is mainly a heads-up and Request For Comment, before we do the work.
Please give your feedback!

The Security Response Team would like a web presence on www.haskell.org. It is where
we would publish:

The team members and how to contact the team
- Team members and bios: https://discourse.haskell.org/t/haskell-security-response-team-announcement-and-q2-2023-report/6931#srt-membership-and-kick-off-2
How to report security advisories
- A starting point for the content: https://discourse.haskell.org/t/haskell-security-response-team-announcement-and-q2-2023-report/6931#database-is-open-for-submissions-6
Security guides for Haskell project maintainers (e.g. CI best practices, release management practices)
- source for our guides is in our repo: https://github.com/haskell/security-advisories/tree/main/guides
- suggest separate pages for each guide, and a section on the main security page that lists them.
SRT quarterly
- reports are in our repo: https://github.com/haskell/security-advisories/tree/main/reports
- suggest separate pages for each guide, and a section on the main security page that lists them.
Table of Contents for the security page.

To make the resource discoverable, we would also like a link on the landing page,
perhaps a new "Security" node in this nav bar:

But, if the maintainers have different ideas, please share.

Answer 1 · 2024-06-08T14:22:48.000Z

Andre Esapze is working on this at ZuriHac. Thank you Andre!

Answer 2 · 2024-06-09T14:40:46.000Z

I have push the commit there. Thank you very much for your warm welcome.

Answer 3 · 2024-06-09T14:59:02.000Z

@aespaze42 thank you very much. We really appreciate your assistance, doing the unglamourous work!