The security policy for the Tuleap project is currently defined on the tuleap.org website (https://www.tuleap.org/security/
) which is essential but:
* the sources of Tuleap are replicated in multiple locations, finding how to report a security issue should be easy whatever the location
* having this document in the Tuleap repository means it can be easily used as a base for other Tuleap sub-projects/tools.
* since the migration of tuleap.org to a CMS the content of the security policy is no more versioned (at least not in a way that is usable) which makes hard to track and follow changes over time
* my confidence in the management of the CMS is not very high and ultimately this document should be peer-reviewed