[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [eclipse.org-architecture-council] Security policy for GitHub projects

+1

Dani



From:        Jens Reimann <jreimann@xxxxxxxxxx>
To:        "eclipse.org-architecture-council" <eclipse.org-architecture-council@xxxxxxxxxxx>
Date:        17.06.2019 13:57
Subject:        [EXTERNAL] [eclipse.org-architecture-council] Security policy for GitHub        projects
Sent by:        eclipse.org-architecture-council-bounces@xxxxxxxxxxx




Hi everyone,

I just noticed that GitHub now has some kind of "security policy tool", which also allows you to write security advisories. [1]

It looks like the first step you can take, is to provide a simple "SECURITY.md" file, which explains your policy in the repository.

I think it makes sense, to provide a template for Eclipse projects, which redirects users to https://eclipse.org/security, and make it mandatory for Eclipse projects on GitHub to have such a file. The same way we have a "CONTRIBUTING.md" file.

What do you think?

Cheers

Jens

[1] https://help.github.com/en/articles/adding-a-security-policy-to-your-repository

--

Jens Reimann
Principal Software Engineer / EMEA ENG Middleware
Werner-von-Siemens-Ring 14
85630 Grasbrunn
Germany
phone: +49 89 2050 71286
_____________________________________________________________________________

Red Hat GmbH,
www.de.redhat.com,
Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Tom Savage, Michael O'Neill
_______________________________________________
eclipse.org-architecture-council mailing list
eclipse.org-architecture-council@xxxxxxxxxxx
https://www.eclipse.org/mailman/listinfo/eclipse.org-architecture-council

IMPORTANT: Membership in this list is generated by processes internal to the Eclipse Foundation.  To be permanently removed from this list, you must contact emo@xxxxxxxxxxx to request removal.