Proposal for SSWG incubation process change: add section about security requirements

tomerd · 2019-08-16T03:49:53.391Z

this proposal proposes to amend the SSWG incubation process. the SSWG seeks the community's feedback about this change.

author: @tomerd
feedback period: 2019-08-15 ..< 2019-08-29

motivation: add more explicit requirements around notifying the workgroup of security vulnerabilities so that this information can be shared with the user community

changes:

add a "Security Best Practices" section with explicit instructions around notifying the workgroup of vulnerabilities
move vulnerabilities fixing requirements from "Graduation Requirements" to "Security Best Practices"

johannesweiss · 2019-08-16T11:38:47.074Z

Huge +1 from me.

MrLotU · 2019-08-16T11:43:49.368Z

+1 With the SSWG providing a set of standards and a bigger and bigger part of the ecosystem depending on them, I think it's important to have a clear way to bring up security vulnerabilities.

ktoso · 2019-08-16T23:45:58.773Z

+1-ed on the PR but might as well here Very important to set and follow the right standards about security for projects under the umbrella

tomerd · 2019-08-31T06:21:19.153Z

this is now merged