Skip to content

Add Security Policy document#8823

Merged
jekyllbot merged 8 commits intomasterfrom
security-policy
Dec 16, 2021
Merged

Add Security Policy document#8823
jekyllbot merged 8 commits intomasterfrom
security-policy

Conversation

@parkr
Copy link
Copy Markdown
Member

@parkr parkr commented Sep 26, 2021
edited
Loading

This is a 🔦 documentation change.

Summary

Create a security policy for submitting security vulnerabilities to the Jekyll team.

Context

I'm going to continue maintaining the Jekyll v3.9.x branch for GitHub Pages for a while. One thing that would be nice to have is a security policy so that we can receive vulnerabilities directly. I've hand-written this policy. Feel free to make suggestions.

Fixes #8755.

@parkr
Create SECURITY.md
52807ff 
Create a security policy for submitting security vulnerabilities to the Jekyll team.
@parkr parkr requested a review from a team September 26, 2021 04:04
ashmaroli
ashmaroli reviewed Sep 26, 2021
View reviewed changes
@parkr @ashmaroli
SECURITY: versions < 3.9.x are out-of-scope
df6accc 
Co-authored-by: Ashwin Maroli <ashmaroli@users.noreply.github.com>
@parkr parkr mentioned this pull request Oct 6, 2021
Closed
@ashmaroli ashmaroli mentioned this pull request Oct 6, 2021
Closed
@parkr parkr requested review from ashmaroli and mattr- October 10, 2021 00:53
@ashmaroli ashmaroli changed the title Create SECURITY.md Add Security Policy document Oct 10, 2021
@ashmaroli
Copy link
Copy Markdown
Member

ashmaroli commented Oct 10, 2021

@parkr I have some additional comments that you may choose to consider implementing as part of this PR or defer for a future one:

  • We should expose this via jekyllrb.com/docs/ as well, consistent with CODE_OF_CONDUCT.markdown, CONTRIBUTING.markdown
    (via rake site:generate).
  • Change file extension to .markdown, (if allowed), to be consistent with existing meta documents like History.markdown, CODE_OF_CONDUCT.markdown, CONTRIBUTING.markdown, etc.

@ashmaroli
Copy link
Copy Markdown
Member

ashmaroli commented Dec 16, 2021

ping @mattr-

@ashmaroli
Copy link
Copy Markdown
Member

ashmaroli commented Dec 16, 2021

Thank you @parkr
@jekyllbot: merge +doc

@jekyllbot jekyllbot merged commit 5aeb2bf into master Dec 16, 2021
@jekyllbot jekyllbot deleted the security-policy branch December 16, 2021 14:17
jekyllbot added a commit that referenced this pull request Dec 16, 2021
@jekyllbot
Update history to reflect merge of #8823 [ci skip]
30f795f
github-actions bot pushed a commit that referenced this pull request Dec 16, 2021
@jekyllbot
Deploy docs from 5aeb2bf
9e80840 
Parker Moore: Add Security Policy document (#8823)

Merge pull request 8823
@parkr
Copy link
Copy Markdown
Member Author

parkr commented Dec 16, 2021

  • We should expose this via jekyllrb.com/docs/ as well, consistent with CODE_OF_CONDUCT.markdown, CONTRIBUTING.markdown
    (via rake site:generate).

Absolutely! This is a great idea. Feel free to PR it since it was your idea.

  • Change file extension to .markdown, (if allowed), to be consistent with existing meta documents like History.markdown, CODE_OF_CONDUCT.markdown, CONTRIBUTING.markdown, etc.

We can try SECURITY.markdown and see if it works. The documentation says SECURITY.md explicitly but perhaps it's more permissive.

@ashmaroli ashmaroli mentioned this pull request Dec 16, 2021
Merged
@jekyll jekyll locked and limited conversation to collaborators Dec 16, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@mattr- mattr- mattr- approved these changes

@ashmaroli ashmaroli ashmaroli approved these changes

+1 more reviewer

@jsoref jsoref jsoref left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

documentation frozen-due-to-age

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

docs: add a security policy

5 participants

@parkr @ashmaroli @mattr- @jsoref @jekyllbot