On Thu, May 14, 2026 at 11:53:04AM +0200, Ruediger Pluem wrote:
> On 5/12/26 7:23 PM, Joe Orton wrote:
> > I'm thinking we put this at ./docs/security-model.md or somewhere while
>
> What is the best location for an LLM that scans the repo to pick it up
> automatically?
> Is there any generic LLM model agnostic default location / filename?

From some off-list conversation, it looks like there is a convention to
use "SECURITY.md" at the top-level. (We should also reference the web
site pages about how to report vulnerabilities from there too)

> > it's a WIP. Ideally I think it ends up in docs/manual too when we're
> > happy with it, but we probably need to keep a canonical version in
> > markdown for the LLMs, so there's another problem to solve.
>
> I think for now we should focus on the LLM's usability. We can try to tackle
> the docs/ issue later.

Makes sense to me. Thanks for the review.

Regards, Joe
