
Conversation

@reinecke
Collaborator

@reinecke reinecke commented Oct 23, 2024

Fixes #1790
Fixes #1407

Summarize your change.

Adds a SECURITY.md file with basic documentation of how to report vulnerabilities and our security practices.

DO NOT MERGE UNTIL security@opentimeline.io is created

To discuss

I matched OpenEXR's response times for vulnerabilities, does that make sense for us?

@reinecke reinecke added the documentation, Best Practices Badge (items related to: https://bestpractices.coreinfrastructure.org/en/projects/2288) and ASWF labels Oct 23, 2024
@codecov-commenter

codecov-commenter commented Oct 23, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 81.55%. Comparing base (c0e97b0) to head (e24180f).
Report is 27 commits behind head on main.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #1803      +/-   ##
==========================================
- Coverage   84.11%   81.55%   -2.57%
==========================================
  Files         198      176      -22
  Lines       22241    12666    -9575
  Branches     4687     2782    -1905
==========================================
- Hits        18709    10330    -8379
+ Misses       2610     1794     -816
+ Partials      922      542     -380
Flag Coverage Δ
py-unittests 81.55% <ø> (-2.57%) ⬇️

Flags with carried forward coverage won't be shown.

see 122 files with indirect coverage changes


Legend
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5dff8be...e24180f.

@reinecke
Collaborator Author

@jminor mentions:
We should make sure we as the TAC are clear about who's responsible for responding within the 48 hours and what that response should look like.
Is it just an e-mail?

Signed-off-by: Eric Reinecke <ereinecke@netflix.com>
…d SECURITY.md to MANIFEST.in Signed-off-by: Eric Reinecke <ereinecke@netflix.com>
…rom github runner Signed-off-by: Eric Reinecke <ereinecke@netflix.com>
@reinecke reinecke force-pushed the add-security-policy branch from f9a14b6 to e24180f Compare November 1, 2024 19:44
@ssteinbach ssteinbach added this to the 1.0 Release milestone Mar 13, 2025