Add SECURITY.md to IF #1084

Open: 3 commits into base: main

jmcook1186 (Contributor)

Types of changes

  • Enhancement (project structure, spelling, grammar, formatting)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.

A description of the changes proposed in the Pull Request

SECURITY.md is required for project graduation. Doc follows template from CA-SDK.

CONTRIBUTING.md (outdated, resolved)
SECURITY.md (outdated)
- https://www.bestpractices.dev/en/criteria/0#0.crypto_floss - ✅ uses dotnet 8.0 implementations
- https://www.bestpractices.dev/en/criteria/0#0.crypto_keylength - ✅ uses dotnet 8.0 implementations
- https://www.bestpractices.dev/en/criteria/0#0.crypto_working - ✅ uses dotnet 8.0 implementations
- https://www.bestpractices.dev/en/criteria/0#0.crypto_password_storage - ✅ ⚠️ uses dotnet 8.0 implementations
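
Review bot: All four crypto criteria lines give "uses dotnet 8.0 implementations" as the justification, which looks carried over from the CA-SDK template the description mentions; replace it with what this project actually relies on for each criterion, or mark the criterion as not applicable. The crypto_password_storage line also carries both ✅ and ⚠️, so its status is ambiguous and should be a single marker with a short reason.
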
Member

dotnet?

jmcook1186 and others added 2 commits December 2, 2024 14:42
Co-authored-by: Narek Hovhannisyan <[email protected]>
Signed-off-by: Joseph Cook <[email protected]>

Once a suitably detailed bug report exists, we will triage it. Triage means that the core team will examine the issue and assign an urgency label - either Low, Medium or High.
Once a suitably detailed bug report exists, we will triage it. We hold weekly triage calls on Tuesdays. In most cases, the triage call will be the core team's first interaction with the bug, although in some cases we may engage asynchronously in advance of the call. Triage means that the core team will examine the issue and assign an urgency label - either Low, Medium or High.
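
Review bot: The sentence "In most cases, the triage call will be the core team's first interaction with the bug" means a report filed just after a Tuesday call can wait close to a week for a first look, and neither version of the paragraph gives the reporter a maximum time to acknowledgement. State that time limit and say which reports qualify for asynchronous engagement ahead of the call.
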
Contributor

Suggested change
Once a suitably detailed bug report exists, we will triage it. We hold weekly triage calls on Tuesdays. In most cases, the triage call will be the core team's first interaction with the bug, although in some cases we may engage asynchronously in advance of the call. Triage means that the core team will examine the issue and assign an urgency label - either Low, Medium or High.
Once a suitably detailed bug report exists, we will triage it. Triage means that the core team will examine the issue and assign an urgency label - either Low, Medium or High.

@@ -69,9 +70,9 @@ The mapping of severity to label is as follows:
| 4 | H |
| 5 | H |

For high urgency bugs, the fix will be implemented as soon as possible. Low priority bugs will be backlogged and addressed when there is developer time available. Low priority bugs will also be tagged `help-wanted` so that they can be addressed by community members.
During the bug triage we will also discuss a remediation plan for the bug. This will be communicated in the comments on the bug report. For high urgency bugs, the fix will be implemented as soon as possible, maybe reorganizing our current work to accommodate it. For medium priority bugs, we will schedule the fix in the next available sprint. Low priority bugs will be backlogged and addressed when there is developer time available. Low priority bugs will also be tagged `help-wanted` so that they can be addressed by community members.
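
Review bot: The paragraph after the severity table switches between "urgency" and "priority" ("high urgency bugs", "medium priority bugs", "Low priority bugs") while the labels are introduced as urgency labels; use one term throughout so the label a reporter sees maps directly onto the stated commitment. In the longer version, "maybe reorganizing our current work" is not something a reporter can rely on, so say who makes that decision and when. Only the longer version states how medium bugs are handled; without it the Medium label has no described response.
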
Contributor

Suggested change
During the bug triage we will also discuss a remediation plan for the bug. This will be communicated in the comments on the bug report. For high urgency bugs, the fix will be implemented as soon as possible, maybe reorganizing our current work to accommodate it. For medium priority bugs, we will schedule the fix in the next available sprint. Low priority bugs will be backlogged and addressed when there is developer time available. Low priority bugs will also be tagged `help-wanted` so that they can be addressed by community members.
The fix will be implemented for high-urgency bugs as soon as possible. Low priority bugs will be backlogged and addressed when there is developer time available. Low priority bugs will also be tagged `help-wanted` so that they can be addressed by community members.

@@ -154,29 +168,30 @@ $ git push origin <topic-branch-name>

### Step 6: Pull Request

Open a Pull Request from your fork of the repository to the `main` branch of the IF repository with a clear title and description according to [template](.github/PULL_REQUEST_TEMPLATE.md).
Open a Pull Request from your fork of the repository to the `dev` branch of the IF repository with a clear title and description according to [template](.github/PULL_REQUEST_TEMPLATE.md).
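
Review bot: The two versions of Step 6 differ only in the target branch, `main` versus `dev`, and this pull request is itself opened against `main`; confirm which branch contributors are meant to target and make the step match, since a wrong branch name here sends every new contributor's pull request to the wrong base.
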
Contributor

Suggested change
Open a Pull Request from your fork of the repository to the `dev` branch of the IF repository with a clear title and description according to [template](.github/PULL_REQUEST_TEMPLATE.md).
Open a Pull Request from your fork of the repository to the `main` branch of the IF repository with a clear title and description according to [template](.github/PULL_REQUEST_TEMPLATE.md).


It also helps to avoid ambiguity and naming collisions within and across plugins. Ensure that names clearly and precisely describe the purpose of an element to make its functionality immediately apparent.
It also helps to avoid ambiguity and naming collisions within and across plugins. Your name should describe what an element does as precisely as practically possible.
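
Review bot: In "Your name should describe what an element does", "Your name" reads as the contributor's own name rather than the identifier being chosen; write "The name" or keep the "Ensure that names clearly and precisely describe the purpose of an element" wording.
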
Contributor

Suggested change
It also helps to avoid ambiguity and naming collisions within and across plugins. Your name should describe what an element does as precisely as practically possible.
It also helps to avoid ambiguity and naming collisions within and across plugins. Ensure that names clearly and precisely describe the purpose of an element to make its functionality immediately apparent.
