GitHub recommends that projects have a dedicated Security Policy file (SECURITY.md).
psutil already has a de facto security policy in the Contribution Guide, but having this information in a dedicated file makes the information easier to find. Not only is SECURITY.md a standard file security researchers look for, but if GitHub detects the file, it automatically adds its contents to the project's Security panel and adds a new "issue type" that directs users to the policy.
I'd therefore suggest moving the Tidelift information from the Contributor Guide to a dedicated file. I'll send a PR with a draft along with this issue.
Disclosure: My name is Pedro and I work with Google and the Open Source Security Foundation (OpenSSF) to improve the supply-chain security of the open-source ecosystem.