Conversation

@reinecke (Collaborator)

@reinecke reinecke commented Oct 23, 2024

Fixes #1790
Fixes #1407

Summarize your change.

Adds a SECURITY.md file with basic documentation of how to report vulnerabilities and our security practices.

DO NOT MERGE UNTIL security@opentimeline.io is created

To discuss

I matched OpenEXR's response times for vulnerabilities, does that make sense for us?

@reinecke reinecke added documentation Best Practices Badge items related to: https://bestpractices.coreinfrastructure.org/en/projects/2288 ASWF labels Oct 23, 2024
@codecov-commenter

codecov-commenter commented Oct 23, 2024

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.13%. Comparing base (a71b292) to head (ab0c72f).


@@           Coverage Diff           @@
##             main    #1803   +/-   ##
=======================================
  Coverage   85.13%   85.13%           
=======================================
  Files         181      181           
  Lines       12783    12783           
  Branches     1206     1206           
=======================================
  Hits        10883    10883           
  Misses       1717     1717           
  Partials      183      183           
Flag           Coverage   Δ
py-unittests   85.13%     <ø> (ø)

@jmertic (Contributor)

jmertic commented Oct 24, 2024

Test of security@opentimeline.io completed - https://lists.aswf.io/g/otio-tsc-private/topic/test/109188441

@reinecke (Collaborator, Author)

@jminor mentions:
We should make sure we as the TAC are clear about who's responsible for responding within the 48 hours and what that response should look like.
Is it just an e-mail?

Signed-off-by: Eric Reinecke <ereinecke@netflix.com>
…d SECURITY.md to MANIFEST.in

Signed-off-by: Eric Reinecke <ereinecke@netflix.com>
…rom github runner

Signed-off-by: Eric Reinecke <ereinecke@netflix.com>

Labels

ASWF; Best Practices Badge items related to: https://bestpractices.coreinfrastructure.org/en/projects/2288

Development

Successfully merging this pull request may close these issues:

- Set up a project security policy
- Security vulnerability process