Posted to dev@sling.apache.org by "Bertrand Delacretaz (Jira)" <ji...@apache.org> on 2021/07/27 15:58:00 UTC

[jira] [Updated] (SLING-10676) Add a SECURITY.MD file to all our Git repositories

     [ https://issues.apache.org/jira/browse/SLING-10676?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bertrand Delacretaz updated SLING-10676:
----------------------------------------
    Description: 
We should add [https://github.com/apache/.github/blob/main/.github/SECURITY.md] to all our repositories (but linking to [1]), as per [https://twitter.com/iamamoose/status/1417104695626240001:]

{quote}All Apache projects follow the default ASF security policy; but not all have a github SECURITY․md file, and they get penalised, i.e. with lower #openssf scorecard scores ([http://metrics.openssf.org|http://metrics.openssf.org/]) 
{quote}

Tentatively assigning to myself but if someone beats me to it I'd be happy!

[1] https://sling.apache.org/project-information/security.html

  was:
We should add [https://github.com/apache/.github/blob/main/.github/SECURITY.md] to all our repositories, as per [https://twitter.com/iamamoose/status/1417104695626240001:]

{quote}All Apache projects follow the default ASF security policy; but not all have a github SECURITY․md file, and they get penalised, i.e. with lower #openssf scorecard scores ([http://metrics.openssf.org|http://metrics.openssf.org/]) 
{quote}

Tentatively assigning to myself but if someone beats me to it I'd be happy!




> Add a SECURITY.MD file to all our Git repositories
> --------------------------------------------------
>
>                 Key: SLING-10676
>                 URL: https://issues.apache.org/jira/browse/SLING-10676
>             Project: Sling
>          Issue Type: Improvement
>          Components: Documentation
>            Reporter: Bertrand Delacretaz
>            Assignee: Bertrand Delacretaz
>            Priority: Minor
>
> We should add [https://github.com/apache/.github/blob/main/.github/SECURITY.md] to all our repositories (but linking to [1]), as per [https://twitter.com/iamamoose/status/1417104695626240001:]
> {quote}All Apache projects follow the default ASF security policy; but not all have a github SECURITY․md file, and they get penalised, i.e. with lower #openssf scorecard scores ([http://metrics.openssf.org|http://metrics.openssf.org/]) 
> {quote}
> Tentatively assigning to myself but if someone beats me to it I'd be happy!
> [1] https://sling.apache.org/project-information/security.html


