Check the wiki & codebase for mentions of security@edx.org/@tcril.org and update it to security@openedx.org

[feanil]

Also update any mentions of security@tcril.org to security@openedx.org

As of 2023-03-10, this includes in our codebases:

% allgit - grep "security@tcril.org" | allgit2tsv
course-discovery	README.rst:Please do not report security issues in public. Please email security@tcril.org.
edx-ace	README.rst:Please do not report security issues in public. Please email security@tcril.org.
edx-cookiecutters	python-template/{{cookiecutter.placeholder_repo_name}}/README.rst:Please do not report security issues in public. Please email security@tcril.org.
edx-developer-docs	README.rst:Please do not report security issues in public. Please email security@tcril.org
edx-enterprise-subsidy-client	README.rst:Please do not report security issues in public. Please email security@tcril.org.
edx-rest-api-client	README.rst:Please do not report security issues in public. Please email security@tcril.org.
enterprise-subsidy	README.rst:Please do not report security issues in public. Please email security@tcril.org.
event-bus-redis	README.rst:Please do not report security issues in public. Please email security@tcril.org.
frontend-app-learner-record	README.rst:Please do not report security issues in public. Please email security@tcril.org.
openedx-events	README.rst:Please do not report security issues in public. Please email security@tcril.org.
openedx-filters	README.rst:Please do not report security issues in public. Please email security@tcril.org.
openedx-ledger	README.rst:Please do not report security issues in public. Please email security@tcril.org.
token-utils	README.rst:Please do not report security issues in public. Please email security@tcril.org.
xapi-db-load	README.rst:Please do not report security issues in public. Please email security@tcril.org.
xblock-lti-consumer	README.rst:Please do not report security issues in public. Please email security@tcril.org.
xblock-skill-tagging	README.rst:Please do not report security issues in public. Please email security@tcril.org.

Reasoning

For any security issues with the Open edX Platform codebase, they should go to security@openedx.org which will be handled by the openedx security working group. The security@tcril.org or security@axim.org addresses should be used for reporting issues with resources owned by Axim that are not a part of the Open edX codebase.

[timmc-edx]

I also see a mention on https://openedx.org/community/connect/

[MAAngamarca]

Hi, I'm going to work on this issue.

[feanil]

@MAAngamarca sounds good, let me know if you have any questions! I've assigned this to you for now.

[nedbat]

Just for clarity: now that axim.org is a thing, the address should still be security@openedx.org?

[feanil]

@nedbat yes, we're trying to use the openedx.org address as the new address instead of the axim one. This makes it easier to separate the security issues related to axim the company from security issues related to the Open edX Project.

[feanil]

@MAAngamarca have you had time to work on this? I don't know if I've missed the relevant PRs. If not, should someone else pick this up?

[MAAngamarca]

@feanil Sorry, I forgot to change in all repositories, but I just did.

[feanil]

I've checked the ORG and updated the openedx.org site. This should be all set now, thank you @MAAngamarca!