git.ipfire.org Git - thirdparty/xz.git/commit
Docs: Remove .github/SECURITY.md
author Lasse Collin <lasse.collin@tukaani.org>
Sat, 30 Nov 2024 10:05:59 +0000 (12:05 +0200)
committer Lasse Collin <lasse.collin@tukaani.org>
Sat, 30 Nov 2024 10:05:59 +0000 (12:05 +0200)
commit fe9e66993fdbcc2981c7361b9b034a451eb0fc42
tree e41f86d9dfbcb915142b43d7dae20874c7dd5c88
parent b36177273602ebc83e9cc58517f63a7b6af33f70
Docs: Remove .github/SECURITY.md

One of the reasons to have this file in the xz repository was to
show vulnerability reporting info in the Security section on GitHub.
On 2024-11-25, I added SECURITY.md to the tukaani-project organization
on GitHub:

    https://github.com/tukaani-project/.github/blob/main/SECURITY.md

GitHub shows that file in all projects in the organization unless
overridden by a project-specific SECURITY.md. Thus, removing
the file from the xz repo makes GitHub show the organization-wide
text instead.

Maintaining a single copy for the whole GitHub organization makes
things simpler. It's also nicer to have fewer GitHub-specific files
in the xz repo. Information on how to report bugs (including security
issues) is available in README and on the home page too.

The OpenSSF Scorecard tool didn't find .github/SECURITY.md in the
xz repository. There was a suggestion to move the file to the top-level
directory where Scorecard should find it. However, Scorecard does find
the organization-wide SECURITY.md. Thus, the file isn't needed in the
xz repository to score points in the Scorecard game:

    https://scorecard.dev/viewer/?uri=github.com/tukaani-project/xz

Closes: https://github.com/tukaani-project/xz/issues/148
Closes: https://github.com/tukaani-project/xz/pull/149
.github/SECURITY.md [deleted file]