Two items: (1) security is different because, well, it seems obvious to me that anything security-related should be as accessible as possible as opposed to going through an extra hoop and (2) making/keeping our GitHub presence a first-class citizen in how we put a face on the project.

Gary

On Sat, Aug 22, 2020, 10:15 Gilles Sadowski <[email protected]> wrote:

> Hi.
>
> 2020-08-22 15:26 UTC+02:00, Gary Gregory <[email protected]>:
> > Hi All,
> >
> > You may have noticed (or not) that GitHub has a Security [1] tab for our
> > repositories. On this tab, you can define a Security Policy [2] in a
> > SECURITY.md (just like we have a README.md).
> >
> > I would like to fill this in with the same text we now have here:
> > https://commons.apache.org/security.html
> >
> > Each repository should end up with a SECURITY.md which in theory should be
> > the same.
>
> As in code, I'd prefer to avoid such duplicated files; currently,
> as you point out above, this is managed via our common web
> site.
> I'm pretty sure the duplication will proceed; so at least, the
> contents of this file should just be a terse:
> ---CUT---
> To report a security problem, please read the
> [Apache Commons project's security
> page](https://commons.apache.org/security.html).
> ---CUT---
>
> Regards,
> Gilles
>
> >
> > Gary
> >
> > [1] https://github.com/apache/commons-compress/security
> > [2] https://docs.github.com/en/github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository
