Create a SECURITY.md security disclosure policy
Closed this issue · 4 comments
Does this sound like something that would be part of the Uniform standards @rainleander or just something ad hoc that we need to take care of @gianarb?
I presume as an independent project Tinkerbell will have its own destination, maybe security@tinkerbell.org with a couple of maintainers listening to it. @rainleander will have to tell us if they want to include the proposed workflow or an equivalent to its Uniform standards or not 👍 What is important to me is that the destination is something Tinkerbell related 👍
While security is important to me personally, we didn't feel that it was something we could require of all maintained / experimental repositories; so, no, it's not required for Uniform Standards.
It IS a great idea.
But that's up to the community to decide whether it's right for the project / app / Tinkerbell.
Closing in favor of tinkerbell/org#14 which is closely related and has more actionable items.