I've never had such a notification that was actually applicable to my project and did fit its threat model. It's still kinda good to know that they're there, though.
-
Exactly my thoughts
-
all of the dozens of notifications I've got have been false positives
-
yep, same here.
-
the eternal question we need to solve with Greenkeeper.
-
Do they surface the security info via an API? Seems like that would be an interesting addition for Greenkeeper.
-
Most notifications I've gotten were for minor regexp DDoS vulnerabilities in dev dependencies. Nice to fix but no impact on anyone using the software as opposed to contributing, and even then it's a stretch.
-
I actually just realised these were coming from GitHub yesterday. IMO, I have a lot of repos that are either side projects or some other code that isn't really going anywhere. Perhaps an option to turn off security notifications for a repo?
-
Maybe paired with a badge or message to alert would-be users that security updates exist for the repo.