Create SECURITY.md #1318
Codecov Report
@@ Coverage Diff @@
## master #1318 +/- ##
=========================================
Coverage 70.36% 70.36%
Complexity 1649 1649
=========================================
Files 32 32
Lines 3790 3790
=========================================
Hits 2667 2667
Misses 1123 1123
Continue to review full report at Codecov.
🎉
Probably good to update the release checklist with a note to check the versions in this doc.
Thanks!!!
I wonder if we could make use of the newly published RFC 9116 which defines a machine- and human-readable Ping @kinow, what do you think as the original proposer of this?
I didn't know about this RFC @osma, thanks! Had a look at the specification, and looks like it'd be something to have deployed to Finto, for instance, similar to the I think
p.s. interesting that I can see a
Easier! No need to add one more item to the release process, good idea!
SECURITY.md
Outdated
|
||
## Supported Versions | ||
|
||
Following Skosmos versions are currently being supported with security updates. The "current development branch" means the master branch of the repository, whereas the "maintenance branch" corresponds with the latest release of Skosmos. |
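Review bot: The sentence under "## Supported Versions" opens with "Following Skosmos versions are ..." and is missing its article; suggest "The following Skosmos versions are ...". The same sentence defines the "maintenance branch" only as corresponding with the latest release, which leaves open whether releases older than the latest still receive security updates; a short clause stating that would make the supported set unambiguous.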
"currently being supported with security updates" - this doesn't say who is responsible. Could we say:
currently being supported with security updates by the Skosmos development team at the National Library of Finland.
Minor grammar correction: "corresponds with" -> "corresponds to"
To be a bit more explicit about branches, could we express it like this:
whereas the "maintenance branch" is a branch called `vX.X-maintenance`, where the version number X.X corresponds to the latest release of Skosmos.
Kudos, SonarCloud Quality Gate passed!
LGTM!
Reasons for creating this PR
Skosmos repository was missing a security policy file from its community guidelines.
Link to relevant issue(s), if any
Description of the changes in this PR
Known problems or uncertainties in this PR
We need to discuss which versions we are supporting with security patches. Release documentation needs to include updating the security policy file.
Checklist