potiuk opened a new pull request, #295:
URL: https://github.com/apache/maven-source-plugin/pull/295

   **This is a proposal for the PMC to review — please correct, reject, or 
discuss as needed.** Nothing here is a requirement; the maintainer is the 
decision-maker.
   
   This adds a small `AGENTS.md` + `SECURITY.md` so an automated scan agent can 
mechanically discover the project's security model via the conventional 
`AGENTS.md → SECURITY.md` chain. It points at the Maven family's umbrella 
threat model, which the PMC merged in `apache/maven` (`THREAT_MODEL.md`) — no 
model content is duplicated here, just the pointer.
   
   Context: the ASF Security team is preparing the Maven repositories for an 
automated agentic security scan we're piloting. Such scans refuse to run if the 
model isn't discoverable by that path. Discoverability is the one hard gate; 
everything else is suggestion.
   
   Doc-only; questions / pushback welcome.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to