This is an automated email from the ASF dual-hosted git repository.
sbp pushed a commit to branch sbp
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/sbp by this push:
new a2b82c02 Document code policies
a2b82c02 is described below
commit a2b82c024982d46aca40e9dd072c39e5e0495e81
Author: Sean B. Palmer <[email protected]>
AuthorDate: Thu Mar 5 15:58:13 2026 +0000
Document code policies
---
atr/docs/authentication-security.md | 6 +++---
atr/docs/authorization-security.md | 6 +++---
atr/docs/code-conventions.md | 2 +-
atr/docs/code-policies.md | 23 +++++++++++++++++++++++
atr/docs/developer-guide.md | 9 +++++----
atr/docs/how-to-contribute.md | 6 +++---
atr/docs/index.md | 9 +++++----
atr/docs/input-validation.md | 4 ++--
8 files changed, 45 insertions(+), 20 deletions(-)
diff --git a/atr/docs/authentication-security.md
b/atr/docs/authentication-security.md
index fb0cf117..8a3ad846 100644
--- a/atr/docs/authentication-security.md
+++ b/atr/docs/authentication-security.md
@@ -1,10 +1,10 @@
-# 3.11. Authentication security
+# 3.12. Authentication security
**Up**: `3.` [Developer guide](developer-guide)
-**Prev**: `3.10.` [How to contribute](how-to-contribute)
+**Prev**: `3.11.` [How to contribute](how-to-contribute)
-**Next**: `3.12.` [Authorization security](authorization-security)
+**Next**: `3.13.` [Authorization security](authorization-security)
**Sections**:
diff --git a/atr/docs/authorization-security.md
b/atr/docs/authorization-security.md
index 41029ebd..9342c047 100644
--- a/atr/docs/authorization-security.md
+++ b/atr/docs/authorization-security.md
@@ -1,10 +1,10 @@
-# 3.12. Authorization security
+# 3.13. Authorization security
**Up**: `3.` [Developer guide](developer-guide)
-**Prev**: `3.11.` [Authentication security](authentication-security)
+**Prev**: `3.12.` [Authentication security](authentication-security)
-**Next**: `3.13.` [Input validation](input-validation)
+**Next**: `3.14.` [Input validation](input-validation)
**Sections**:
diff --git a/atr/docs/code-conventions.md b/atr/docs/code-conventions.md
index 2c8f77d1..17e41fa9 100644
--- a/atr/docs/code-conventions.md
+++ b/atr/docs/code-conventions.md
@@ -4,7 +4,7 @@
**Prev**: `3.8.` [Running and creating tests](running-and-creating-tests)
-**Next**: `3.10.` [How to contribute](how-to-contribute)
+**Next**: `3.10` [Code policies](code-policies)
**Sections**:
diff --git a/atr/docs/code-policies.md b/atr/docs/code-policies.md
new file mode 100644
index 00000000..66872428
--- /dev/null
+++ b/atr/docs/code-policies.md
@@ -0,0 +1,23 @@
+# 3.10 Code policies
+
+**Up**: `3.` [Developer guide](developer-guide)
+
+**Prev**: `3.9.` [Code conventions](code-conventions)
+
+**Next**: `3.11.` [How to contribute](how-to-contribute)
+
+**Sections**:
+
+* [Introduction](#introduction)
+
+## Introduction
+
+These policies cover security and other miscellaneous policies that describe
how our code works.
+
+### Data
+
+* All data stored in ATR must be public readable with the exception of PAT
hashes and PII.
+
+### Tasks
+
+* Secret values must never be passed to tasks. This ensures that `Task`
objects and results can be considered public.
diff --git a/atr/docs/developer-guide.md b/atr/docs/developer-guide.md
index 936e1e6d..78a6792f 100644
--- a/atr/docs/developer-guide.md
+++ b/atr/docs/developer-guide.md
@@ -17,10 +17,11 @@
* `3.7.` [Build processes](build-processes)
* `3.8.` [Running and creating tests](running-and-creating-tests)
* `3.9.` [Code conventions](code-conventions)
-* `3.10.` [How to contribute](how-to-contribute)
-* `3.11.` [Authentication security](authentication-security)
-* `3.12.` [Authorization security](authorization-security)
-* `3.13.` [Input validation](input-validation)
+* `3.10` [Code policies](code-policies)
+* `3.11.` [How to contribute](how-to-contribute)
+* `3.12.` [Authentication security](authentication-security)
+* `3.13.` [Authorization security](authorization-security)
+* `3.14.` [Input validation](input-validation)
**Sections**:
diff --git a/atr/docs/how-to-contribute.md b/atr/docs/how-to-contribute.md
index f69d2bdb..3226730c 100644
--- a/atr/docs/how-to-contribute.md
+++ b/atr/docs/how-to-contribute.md
@@ -1,10 +1,10 @@
-# 3.10. How to contribute
+# 3.11. How to contribute
**Up**: `3.` [Developer guide](developer-guide)
-**Prev**: `3.9.` [Code conventions](code-conventions)
+**Prev**: `3.10` [Code policies](code-policies)
-**Next**: `3.11.` [Authentication security](authentication-security)
+**Next**: `3.12.` [Authentication security](authentication-security)
**Sections**:
diff --git a/atr/docs/index.md b/atr/docs/index.md
index ddd33136..6cd2c937 100644
--- a/atr/docs/index.md
+++ b/atr/docs/index.md
@@ -24,7 +24,8 @@ NOTE: This documentation is a work in progress.
* `3.7.` [Build processes](build-processes)
* `3.8.` [Running and creating tests](running-and-creating-tests)
* `3.9.` [Code conventions](code-conventions)
- * `3.10.` [How to contribute](how-to-contribute)
- * `3.11.` [Authentication security](authentication-security)
- * `3.12.` [Authorization security](authorization-security)
- * `3.13.` [Input validation](input-validation)
+ * `3.10` [Code policies](code-policies)
+ * `3.11.` [How to contribute](how-to-contribute)
+ * `3.12.` [Authentication security](authentication-security)
+ * `3.13.` [Authorization security](authorization-security)
+ * `3.14.` [Input validation](input-validation)
diff --git a/atr/docs/input-validation.md b/atr/docs/input-validation.md
index cd65a4df..684ae79d 100644
--- a/atr/docs/input-validation.md
+++ b/atr/docs/input-validation.md
@@ -1,8 +1,8 @@
-# 3.13. Input validation
+# 3.14. Input validation
**Up**: `3.` [Developer guide](developer-guide)
-**Prev**: `3.12.` [Authorization security](authorization-security)
+**Prev**: `3.13.` [Authorization security](authorization-security)
**Next**: (none)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
