request #14950 Add a security policy (aka SECURITY.md) at the root of the sources

Artifact

Infos

Artifact ID#14950

Submitted byThomas Gerbet (tgerbet)

Last Modified On2020-06-05 15:21

Submitted on2020-06-04 16:54

Rank16205

Details

Summary *

Add a security policy (aka SECURITY.md) at the root of the sources

Original Submission

The security policy for the Tuleap project is currently defined on the tuleap.org website (https://www.tuleap.org/security/) which is essential but:
* the sources of Tuleap are replicated in multiple locations, finding how to report a security issue should be easy whatever the location
* having this document in the Tuleap repository means it can be easily used as a base for other Tuleap sub-projects/tools.
* since the migration of tuleap.org to a CMS the content of the security policy is no more versioned (at least not in a way that is usable) which makes hard to track and follow changes over time
* my confidence in the management of the CMS is not very high and ultimately this document should be peer-reviewed

CategoryOther

Reported in versionEmpty

PlatformEmpty

Is an Enhancement or an internal improvement?