Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create SECURITY.md for GitHub security policy page #79050

Merged
merged 1 commit into from
Jun 17, 2019
Merged

Create SECURITY.md for GitHub security policy page #79050

merged 1 commit into from
Jun 17, 2019

Conversation

praseodym
Copy link
Contributor

GitHub has a security policy page that uses a SECURITY.md file from the repository to show the project's security policy.

/kind documentation

Fixes #79049

NONE

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. kind/documentation Categorizes issue or PR as related to documentation. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Jun 14, 2019
@k8s-ci-robot
Copy link
Contributor

Hi @praseodym. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Jun 14, 2019
@praseodym
Copy link
Contributor Author

/assign @lavalamp

@nikhita
Copy link
Member

nikhita commented Jun 16, 2019

Looks like SECURITY.md can be added in .github as well: https://help.github.com/en/articles/adding-a-security-policy-to-your-repository

Wdyt about moving it there to avoid populating the root of the repo? I think the main benefit of having this doc is that people can see it while creating new issues and if they click on the Security tab, not as much as checking out the file from the root of the repo.

Umm, not sure which SIG but gonna go with contribex because the "security policy" is visible while creating new issues:
/sig contributor-experience
/priority important-longterm
/cc @cblecker @liggitt

@k8s-ci-robot k8s-ci-robot added sig/contributor-experience Categorizes an issue or PR as relevant to SIG Contributor Experience. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Jun 16, 2019
@praseodym
Create SECURITY.md for GitHub security policy page
a3079f1 
GitHub has a security policy page (https://github.com/kubernetes/kubernetes/security/policy)
that uses a SECURITY.md file from the repository to show the project's
security policy.

https://help.github.com/en/articles/adding-a-security-policy-to-your-repository
@praseodym
Copy link
Contributor Author

Looks like SECURITY.md can be added in .github as well: https://help.github.com/en/articles/adding-a-security-policy-to-your-repository

Wdyt about moving it there to avoid populating the root of the repo? I think the main benefit of having this doc is that people can see it while creating new issues and if they click on the Security tab, not as much as checking out the file from the root of the repo.

Didn't know that, I completely agree with not polluting the root of the repo. Changed to the commit to add it as .github/SECURITY.md instead.

Thanks!

nikhita
nikhita approved these changes Jun 16, 2019
View reviewed changes
Copy link
Member

@nikhita nikhita left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/ok-to-test
/lgtm

Leaving approval to @cblecker

/assign @cblecker
/unassign @lavalamp

@k8s-ci-robot k8s-ci-robot assigned nikhita and unassigned lavalamp Jun 16, 2019
@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. lgtm "Looks good to me", indicates that a PR is ready to be merged. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Jun 16, 2019
@nikhita
Copy link
Member

nikhita commented Jun 16, 2019 via email

@cblecker
Copy link
Member

/lgtm
/approve

fyi @kubernetes/product-security-committee

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cblecker, praseodym

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 17, 2019
@k8s-ci-robot k8s-ci-robot merged commit 1894889 into kubernetes:master Jun 17, 2019
@praseodym praseodym deleted the patch-1 branch June 18, 2019 05:30
tedyu added a commit to tedyu/kubernetes that referenced this pull request Jun 18, 2019
@tedyu @yutedz
Merge pull request kubernetes#79050 from praseodym/patch-1
2a93180 
Create SECURITY.md for GitHub security policy page
@joelsmith joelsmith mentioned this pull request Jul 28, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nikhita nikhita nikhita approved these changes

@dchen1107 dchen1107 Awaiting requested review from dchen1107

@smarterclayton smarterclayton Awaiting requested review from smarterclayton

@cblecker cblecker Awaiting requested review from cblecker

@liggitt liggitt Awaiting requested review from liggitt

Assignees

@cblecker cblecker

@nikhita nikhita

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/documentation Categorizes issue or PR as related to documentation. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. release-note-none Denotes a PR that doesn't merit a release note. sig/contributor-experience Categorizes an issue or PR as relevant to SIG Contributor Experience. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Create SECURITY.md for GitHub security policy page
5 participants
@praseodym @k8s-ci-robot @nikhita @cblecker @lavalamp