
Add proposed security policy #1803

Open. Wants to merge 2 commits into base: main

Conversation

reinecke (Collaborator) commented Oct 23, 2024

Fixes #1790
Fixes #1407

Summarize your change.

Adds a SECURITY.md file with basic documentation of how to report vulnerabilities and our security practices.

DO NOT MERGE UNTIL [email protected] is created

To discuss

I matched OpenEXR's response times for vulnerabilities; does that make sense for us?

Signed-off-by: Eric Reinecke <[email protected]>
reinecke added the documentation, Best Practices Badge (items related to: https://bestpractices.coreinfrastructure.org/en/projects/2288) and ASWF labels on Oct 23, 2024
…d SECURITY.md to MANIFEST.in

Signed-off-by: Eric Reinecke <[email protected]>
codecov-commenter commented:
Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 81.55%. Comparing base (c0e97b0) to head (7735e8a).
Report is 27 commits behind head on main.


@@            Coverage Diff             @@
##             main    #1803      +/-   ##
==========================================
- Coverage   84.11%   81.55%   -2.57%     
==========================================
  Files         198      176      -22     
  Lines       22241    12666    -9575     
  Branches     4687     2791    -1896     
==========================================
- Hits        18709    10330    -8379     
+ Misses       2610     1796     -814     
+ Partials      922      540     -382     
Flag           Coverage Δ
py-unittests   81.55% <ø> (-2.57%) ⬇️

122 files have indirect coverage changes.

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 5dff8be...7735e8a.

jmertic (Contributor) commented Oct 24, 2024

reinecke (Collaborator, Author) commented:

@jminor mentions:
We should make sure we as the TAC are clear about who's responsible for responding within the 48 hours and what that response should look like.
Is it just an e-mail?

Labels: ASWF, Best Practices Badge (items related to: https://bestpractices.coreinfrastructure.org/en/projects/2288)

Successfully merging this pull request may close these issues: Set up a project security policy; Security vulnerability process

3 participants