Add SECURITY.md #9804
Conversation
As part of our project's periodic Eclipse Foundation progress review (1), we are encouraged to add a security policy file for our project. I went with the minimal amount of information I thought was needed, not duplicating info from the EF policy. It should be a good first step, I think. In addition, I also modified the GitHub bug report issue template and PR template, to make it clear they're not meant to be used to disclose security vulnerabilities. A nice side-effect of adding SECURITY.md is that GitHub automatically adds an entry in our issue-submission page: "Report a security vulnerability", that has a button "View Policy" that opens our policy. There are some more seemingly nice GitHub project security features that could be enabled for our repo/project (with webmaster's help). We can consider them separately. (1): https://gitlab.eclipse.org/eclipsefdn/emo-team/emo/-/issues/64 Fixes #8795 Signed-off-by: Marc Dumais <[email protected]>
@waynebeaton I am not sure we currently cover all aspects of the feedback you provided on the previous related PR. In particular:
Could you please have a quick look at this PR and advise?
@eclipse-theia FYI
The changes look good to me 👍
I'll let others provide feedback if necessary.
LGTM
Thanks for the reviews - merging
What it does
As part of our project's periodic Eclipse Foundation progress review (1),
we are encouraged to add a security policy file for our project. I went
with the minimal amount of information I thought was needed, not duplicating
info from the EF policy. It should be a good first step, I think.
In addition, I also modified the GitHub bug report issue template and PR
template, to make it clear they're not meant to be used to disclose security
vulnerabilities.
A nice side-effect of adding SECURITY.md is that GitHub automatically adds
an entry in our issue-submission page: "Report a security vulnerability",
that has a button "View Policy" that opens our policy.
There are some more seemingly nice GitHub project security features that
could be enabled for our repo/project (with webmaster's help). We can
consider them separately.
(1): https://gitlab.eclipse.org/eclipsefdn/emo-team/emo/-/issues/64
Fixes #8795
How to test
This is a non-functional change for the most part. To see the changes to the GH issue and PR templates "live", I have deployed this PR to the master branch of my fork:
https://github.com/marcdumais-work/theia/issues/new/choose
Review checklist
Reminder for reviewers