keras-team/tf-keras

Add a dedicated file for Keras' security policy

pnacht opened this issue · 0 comments

[At @divyashreepathihalli's recommendation, I'm moving this issue and its associated PR from /keras to /tf-keras]

Describe the feature and the current behavior/state.

Keras' security policy is currently at the very end of CONTRIBUTING.md. I suggest this information be moved to a dedicated SECURITY.md file.

GitHub treats SECURITY.md as a special file. If it exists in your repository, a new "issue type" is created that redirects users to the policy if they've discovered a vulnerability. The policy also appears in the project's Security Panel.

An even better solution would be to set the policy in the https://github.com/keras-team/.github repository. The policy will then be treated as the default policy for all projects in the keras-team organization.

Will this change the current api? How?
No.

Who will benefit from this feature?
Security researchers will have an easier time safely reporting vulnerabilities, therefore increasing Keras' overall security.

  • Do you want to contribute a PR? (yes/no): YES

  • Briefly describe your candidate solution (if contributing):

I will simply move the security policy to a SECURITY.md file at the root of the repository.

I would have preferred to send this PR to the keras-team/.github repository (therefore applying the policy to all repos), but since the repository is empty, I cannot create a fork and send a PR there.