the other day I came across reading


If you look at number 4 they recommend to add a file at the root of a 
repository to describe how security incidents should be reported.

What is your opinion on this?
Do you have experience with it in other projects?

In case we would introduce it, we would need to do some work on the infra (like 
generating keys for PGP).

Looking forward to your replies


Reply via email to