
coverlet shall document supported packages (SECURITY.md) #1758

Open
@Bertk

Description


To ensure the security and integrity of Coverlet, we should align with the recommended security policy documentation provided by GitHub. This guidance can be reviewed here.

Additionally, it is essential to establish a clear protocol for vulnerability communication within the Coverlet project. Rather than using issue tracking for security-related disclosures, we must define an alternative secure and structured process to handle and address vulnerabilities effectively.

Furthermore, we need to update the status of outdated NuGet packages related to Coverlet on NuGet.org by marking them as “unsupported” for security patches. This will help inform users that these versions are no longer maintained for security fixes and encourage migration to newer, actively supported releases.

Here are the specific Coverlet packages that require status updates:

Additionally, we should explore implementing a process for security patch notifications and guidance to help developers transition smoothly to supported versions. This could include updating official documentation, releasing advisories, and notifying affected users through appropriate channels.

By establishing these best practices, Coverlet can maintain a strong security posture and provide clarity to its users regarding version support and vulnerability handling.
