Re: [technology-pmc] template/example for project security policy
Thanks Wayne, and yes, this was motivated by the checkbox on that release review :)
I'll see if I can cook something up and provide it as input on the issue.
Cheers,
Jeen
On Wed, 12 May 2021, at 04:00, Wayne Beaton wrote:
I assume that you're taking a lead from our release review tracking issue for
Eclipse RDF4J 3.7 where it's listed as a recommendation.
At present, we haven't established a best practice for this yet. We included it in the template, at least in part, to give committers notice that this is coming. Practices are evolving in this particular area.
I do have an issue open to address this in the handbook. In that issue, I suggest that a SECURITY file contains:
- A pointer to the Eclipse Foundation Vulnerability Reporting Policy;
- Description of the mechanism by which vulnerabilities should be reported;
- Description of how vulnerabilities are tracked by the project team; and
- By what criteria the project team will decide whether or not a CVE will be requested.
I don't think that it needs to be any more complicated than that.
I'd love your input.
Wayne
Jeen, I believe Wayne is working on something. But I don't know of a template off the top of my head.
-Gunnar
Hi all,
GitHub offers the option of formulating a security policy document by adding a markdown document to the repo. I was wondering if anybody had a good example or a template for this.
Jeen
_______________________________________________
technology-pmc mailing list
--
Wayne Beaton
Director of Open Source Projects | Eclipse Foundation