potiuk opened a new pull request, #116: URL: https://github.com/apache/spark-docker/pull/116
**This is a proposal for the PMC to review — please correct, reject, or discuss as needed.** Nothing here is a requirement; the maintainer is the decision-maker. This adds `AGENTS.md` and `SECURITY.md` to the repo root so an automated scan agent can mechanically discover the project's security model via the conventional `AGENTS.md → SECURITY.md → model URL` chain. The chain terminates at the existing <https://spark.apache.org/docs/latest/security.html> page — nothing about the model content itself changes. Context: the ASF Security team is preparing the project for an automated agentic security scan we're piloting. Such scans refuse to run if the model isn't discoverable by that path (refusing upfront beats wasting PMC reviewer cycles on a noise-heavy run against an unknown model). Discoverability is the one hard gate; everything else is suggestion. The Security team has reached out separately on the PMC's private list with the program details; this PR is the public-facing repo piece. The Security team uses [`threat-model-producer`](https://gist.github.com/potiuk/da14a826283038ddfe38cc9fe6310573) as the rubric for what a complete model looks like — but this PR is just the *links*; the existing Spark `security.html` content is accepted as the model (the published container images inherit the same trust boundaries the operator documentation describes). Questions / pushback welcome. Happy to adjust the wording or move things if the project has a house style. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
