DSACMS / dedupliFHIR

Prototype for basic deduplication and aggregation of eCQM data
Creative Commons Zero v1.0 Universal

Delete SECURITY.md #17

Closed natalialuzuriaga closed 5 months ago

natalialuzuriaga commented 5 months ago

Delete SECURITY.md

Problem

As part of our outbound review process, we are cleaning up our repo and removing unnecessary files, including SECURITY.md.

Solution

This file is no longer needed since the README.md and CONTRIBUTING.md have a section that includes this Security and Responsible Disclosure Policy.

decause-gov commented 5 months ago

I might be wrong about this, so correct me if I am, but I think the idea for README.md is to include a reference to each of our policies (LICENSE.md, CONTRIBUTING.MD, SECURITY.md) and then the policies live in separate files so that we don't have to put all the information into the README.md directly?

This also makes it easier for us to make atomic changes to many SECURITY.md policies across many repos, without needing to touch the README.md or other documentation that might vary widely from project to project.

Lemme know if I've got it twisted tho :)

natalialuzuriaga commented 5 months ago

Discussed Remy's thoughts above and came to this conclusion: We decided to include SECURITY.md as part of our documentation for maturity models. Updating SECURITY.md to include content from the entire Security policy section of the README.md. Will be replacing the README.md section with the vulnerability submission blurb and one-liner.

natalialuzuriaga commented 5 months ago

Closing this PR as a result^