#security cleanup · zulip · Zulip Chat Archive

Stream: zulip

Topic: #security cleanup

Philip Durbin 🚀 (Sep 21 2024 at 13:53):

We've seen an uptick in people reporting security vulnerabilities in the #security channel. It's not particularly surprising that people were posting there. The temptation was too great! :sweat_smile:

Philip Durbin 🚀 (Sep 21 2024 at 13:58):

Here's what I did to try to address the problem:

Changed #security so only Admins can post. (In practice, for us, this means Owners.)
Moved all messages out of #security to #community
Posted a single message in #security about how to report vulnerabilities and read more about our security policy

My thought is that we will never post any more message to #security. The channel exists for the sole purpose of directing the community to our established places to talk about security.

Philip Durbin 🚀 (Sep 21 2024 at 13:59):

I'm open to other ideas, of course, but this seemed like the best way to stem the tide of security reports in Zulip.

Philip Durbin 🚀 (Sep 23 2024 at 13:38):

@Don Sizemore @Oliver Bertuch (and others) what do you think? Does #security look ok to you?

Don Sizemore (Sep 23 2024 at 14:05):

Security reports should not be publicly visible. Thank you for cleaning this up.

Philip Durbin 🚀 (Jan 16 2026 at 16:25):

Hmm, I'm seeing some posts in #security. We don't want posts there, right? Looking at you, @Oliver Bertuch :smile:

Oliver Bertuch (Jan 16 2026 at 16:26):

Well it's marked "OT" = "offtopic" and I couldn't think of a better place...

Oliver Bertuch (Jan 16 2026 at 16:27):

Please feel free to delete or move.

Oliver Bertuch (Jan 16 2026 at 16:27):

I thought it may be good to let folks know about this.

Philip Durbin 🚀 (Jan 16 2026 at 16:31):

@Don Sizemore @Oliver Bertuch any objection to me moving all topics except #security > security policy from #security to somewhere esle? I think we want just that one topic. That's what we decided above anyway. Or should we revisit how we use #security? :thinking:

Oliver Bertuch (Jan 16 2026 at 16:31):

I'm fine with whatever. Just felt the least wrong to spread the word there to me.

Philip Durbin 🚀 (Jan 16 2026 at 16:37):

My preference is to keep #security with only the one post directing people where to discuss security (#security > security policy). Only admins can post in #security.

We do this to prevent people from discussing Dataverse security issues in public.

Philip Durbin 🚀 (Mar 13 2026 at 19:43):

I see a :thumbs_up: from @Oliver Bertuch (thanks). I'll move your messages out of #security (to #community, I guess).

@Don Sizemore can I get a :thumbs_up: from you too, please? To move your messages out of #security? (Or you can.)

Philip Durbin 🚀 (Mar 13 2026 at 20:25):

Don Sizemore and I moved the messages. All set.

Last updated: Apr 03 2026 at 06:08 UTC