tinkerbell/tink

Create a SECURITY.md security disclosure policy

Closed this issue · 4 comments

Does this sound like something that would be part of the Uniform standards @rainleander or just something ad hoc that we need to take care of @gianarb?

I presume as an independent project Tinkerbell will have its own destination, maybe security@tinkerbell.org with a couple of maintainers listening to it. @rainleander will have to tell us if they want to include the proposed workflow or an equivalent to its Uniform standards or not 👍 What is important to me is that the destination is something Tinkerbell related 👍

While security is important to me personally, we didn't feel that it was something we could require of all maintained / experimental repositories; so, no, it's not required for Uniform Standards.

It IS a great idea.

But that's up to the community to decide whether it's right for the project / app / Tinkerbell.

mmlb commented

Closing in favor of tinkerbell/org#14 which is closely related and has more actionable items.