
Document security processes and releases #74

Description

@annebdh

There needs to be clear guidance for ROOST project users on how to stay informed of security releases (e.g. off-cadence security patch releases). For transparency, there should also be more information about ROOST's vulnerability response processes. Both of these are org-wide processes, but users will be looking for the information at the project level.

Proposal:

  • Create a "Release cadence" section in both the Osprey and Coop documentation READMEs
  • Create a "security-process" folder in /community. In README, explain off-cadence security releases, ROOST vuln response process, and how to stay up to date.
  • In both project /docs/ READMEs:
    • State that both projects use semantic versioning, with very light explanation
    • Link to roadmap
    • Explain that security releases may come off cycle, point to [email protected] list as place for updates (in addition to GitHub Advisories)
    • Link to "/community/security-process" for more info
