+1
We could add the same file for repositories hosted on Gerrit.
-Matthias
From: <eclipse.org-architecture-council-bounces@xxxxxxxxxxx> on behalf of Jens Reimann <jreimann@xxxxxxxxxx>
Reply-To: "eclipse.org-architecture-council" <eclipse.org-architecture-council@xxxxxxxxxxx>
Date: Monday, 17 June 2019 at 13:59
To: "eclipse.org-architecture-council" <eclipse.org-architecture-council@xxxxxxxxxxx>
Subject: [eclipse.org-architecture-council] Security policy for GitHub projects
I just noticed that GitHub now has some kind of "security policy tool", which also allows you to write security advisories. [1]
It looks like the first step you can take is to provide a simple "SECURITY.md" file, which explains your policy, in the repository.
I think it makes sense to provide a template for Eclipse projects, which redirects users to
https://eclipse.org/security, and to make it mandatory for Eclipse projects on GitHub to have such a file, the same way we have a "CONTRIBUTING.md" file.
--
Jens Reimann
Principal Software Engineer / EMEA ENG Middleware
Werner-von-Siemens-Ring 14
85630 Grasbrunn
Germany
phone: +49 89 2050 71286
_____________________________________________________________________________
Red Hat GmbH, www.de.redhat.com,
Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Tom Savage, Michael O'Neill
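As an added illustration of how such a mandate could be checked (this is example code, not part of the thread, the Eclipse Foundation's tooling or GitHub's): the script below audits a directory of repository checkouts for a security policy. It looks in the three places where GitHub picks up a SECURITY.md (repository root, docs/ and .github/) and then checks that the file actually points readers to eclipse.org/security, which is the requirement proposed above. The repository names and file contents are constructed sample data; the "must link to eclipse.org/security" rule is an assumption taken from the proposal, not an existing Eclipse policy.

```python
import re
import tempfile
from pathlib import Path

# Paths where GitHub looks for a repository's security policy: the
# repository root, the docs/ directory and the .github/ directory.
POLICY_LOCATIONS = ("SECURITY.md", "docs/SECURITY.md", ".github/SECURITY.md")

# Assumed requirement for this example: the policy must send reporters
# to the Eclipse Foundation security page mentioned in the thread.
REQUIRED_LINK = re.compile(r"https?://(?:www\.)?eclipse\.org/security", re.IGNORECASE)


def find_policy(repo: Path):
    """Return the SECURITY.md GitHub would pick up for this checkout, or None."""
    for rel in POLICY_LOCATIONS:
        candidate = repo / rel
        if candidate.is_file():
            return candidate
    return None


def audit_repo(repo: Path) -> str:
    """Classify one checked-out repository as ok / missing / empty / no-eclipse-link."""
    policy = find_policy(repo)
    if policy is None:
        return "missing"
    text = policy.read_text(encoding="utf-8", errors="replace")
    if not text.strip():
        return "empty"
    if not REQUIRED_LINK.search(text):
        return "no-eclipse-link"
    return "ok"


def audit_checkouts(root: Path) -> dict:
    """Audit every directory directly under root; returns {repo name: status}."""
    return {p.name: audit_repo(p) for p in sorted(root.iterdir()) if p.is_dir()}


def build_sample_checkouts(base: Path) -> Path:
    """Create constructed sample checkouts (hypothetical names, not real Eclipse projects)."""
    good = "# Security Policy\n\nReport vulnerabilities as described at https://www.eclipse.org/security/\n"
    files = {
        "repo-root-ok/SECURITY.md": good,
        "repo-docs-ok/docs/SECURITY.md": good,
        "repo-no-link/.github/SECURITY.md": "Email the maintainers.\n",
        "repo-empty/SECURITY.md": "",
        "repo-missing/README.md": "No policy here.\n",
    }
    for rel, content in files.items():
        target = base / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content, encoding="utf-8")
    return base


def run_sample_audit() -> dict:
    """Build the constructed checkouts in a temporary directory and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_checkouts(build_sample_checkouts(Path(tmp)))


if __name__ == "__main__":
    for name, status in run_sample_audit().items():
        print(f"{name:16} {status}")
```

Point `audit_checkouts` at a directory of cloned repositories to get one status per project; anything other than "ok" is a project that would not satisfy the proposed rule. Note that a policy file that exists but is empty, or that never mentions eclipse.org/security, is reported separately from a missing file, since those are different things to fix.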