[
https://issues.apache.org/jira/browse/SLING-10676?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17390154#comment-17390154
]
Eric Norman edited comment on SLING-10676 at 7/30/21, 12:54 AM:
----------------------------------------------------------------
[~bdelacretaz] FYI: For any projects using sling parent version less than 35,
this new SECURITY.md file causes the apache-rat-plugin checking for approved
licence to fail. The change that excludes all markdown files from RAT was
[https://github.com/apache/sling-parent/commit/f9e345b82093adaaedbefcdcac98ffe8a66e704d]
that was first included in parent 35.
This is the reason for the current ci build failure for the
sling-org-apache-sling-launchpad-integration-tests,
sling-org-apache-sling-discovery-oak and maybe other projects.
UPDATE: The new rat error appears to impact dozens of modules that are using
various sling parent versions between 16 -> 34. Many of the new failures are
visible on the Monitor page at:
https://ci-builds.apache.org/job/Sling/view/Monitor/
> Add a SECURITY.MD file to all our Git repositories
> --------------------------------------------------
>
> Key: SLING-10676
> URL: https://issues.apache.org/jira/browse/SLING-10676
> Project: Sling
> Issue Type: Improvement
> Components: Documentation
> Reporter: Bertrand Delacretaz
> Assignee: Bertrand Delacretaz
> Priority: Minor
>
> We should add
> [https://github.com/apache/.github/blob/main/.github/SECURITY.md] to all our
> repositories (but linking to [1]), as per
> [https://twitter.com/iamamoose/status/1417104695626240001]:
> {quote}All Apache projects follow the default ASF security policy; but not
> all have a github SECURITY․md file, and they get penalised, i.e. with lower
> #openssf scorecard scores
> ([http://metrics.openssf.org|http://metrics.openssf.org/])
> {quote}
> Tentatively assigning to myself but if someone beats me to it I'd be happy!
> [1] https://sling.apache.org/project-information/security.html