Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>
thomas-fossati left a comment
Amazing stuff Steve, thanks very much!
The one comment I have is about scope: since this is supposed to apply globally, I think we should create a github.com/veraison/policies repo and move this (and similarly scoped) content there. Then have each repo link the relevant bits.
This is ready for review.
thomas-fossati left a comment
LGTM, thanks! I left a couple of comments inline.
Thanks @thomas-fossati, I've updated all the feedback.
Well... wouldn't it be cooler, if we set ourselves a deadline, before which we must have reacted and such? You know, in support of responsible disclosure; at the same time warning about the consequences of "wild disclosure"? Or is that out-of-scope?
Also, full disclosure, after at least two 3rd party code reviews would be a nice-to-have, so others can learn from mistakes made. Not sure, if we can guarantee the resources for that, though.
In an ideal world, yes. In the real world it's too risky.
That's a good aspiration. However, as you also noted, we are not in a position to commit anyone outside the 1st party ring.
yogeshbdeshpande left a comment
Thank you Steve! LGTM!
Great Job!
Thanks @yogeshbdeshpande, @thomas-fossati, @henkbirkholz. Great to see the finishings come together.

Hmm, working on a USA holiday! Great stuff!
Adds a baseline security process.
Note: The majority of the content is copied from: https://github.com/helm/helm/blob/main/SECURITY.md
There are still a few todos.
Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>