Reimann <jreimann@xxxxxxxxxx> To:
[eclipse.org-architecture-council] Security policy for GitHub
I just noticed that GitHub now has some
kind of "security policy tool", which also allows you to write
security advisories. 
It looks like the first step you can
take, is to provide a simple "SECURITY.md" file, which explains
your policy in the repository.
I think it makes sense, to provide a
template for Eclipse projects, which redirects users to https://eclipse.org/security,
and make it mandatory for Eclipse projects on GitHub to have such a file.
The same way we have a "CONTRIBUTING.md" file.