jaegertracing / jaeger

CNCF Jaeger, a Distributed Tracing Platform
https://www.jaegertracing.io/
Apache License 2.0
20.15k stars 2.4k forks

Audit and align governance, contribution, and security docs with CNCF guidelines #5363

Open yurishkuro opened 4 months ago

yurishkuro commented 4 months ago

TAG Security has prepared Security Guidelines for new projects on contribute.cncf.io that are worth reviewing to refresh and refamiliarize your project’s configuration and settings. There are also a variety of templates available to assist projects in bootstrapping any governance structure or process they may currently be missing. As your project grows, we encourage projects to leverage the TAG Contributor Strategy’s contributor ladder framework to create structure, expectations, and clear roles and responsibilities for welcoming and inviting contributors to take on more leadership roles within a project. Migrating to this framework can support projects and proactively manage contributions without creating or embellishing a sense of urgency.

jkowall commented 4 months ago

I will take a look at this one. I will compare the guidelines and try to normalize the DEVELOP, CONTRIBUTING, GUIDELINES and the website https://www.jaegertracing.io/get-involved/.

jkowall commented 4 months ago

Security scanning fix: https://github.com/jaegertracing/jaeger/pull/5364
Update on CODE_OF_CONDUCT and adding MAINTAINERS file: https://github.com/jaegertracing/jaeger/pull/5365

Jaeger doesn't have and likely doesn't need elections or subproject governance.

Open question: do we want to improve the OpenSSF score? https://securityscorecards.dev/viewer/?uri=github.com/jaegertracing/jaeger It would mean implementing Fuzzing, fixing permissions on tokens minimally.
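The "fixing permissions on tokens" item maps to the Scorecard Token-Permissions check, which looks at the `permissions:` block of each GitHub Actions workflow and flags any workflow whose `GITHUB_TOKEN` is not restricted to read-only at the top level. The two workflows below are an added illustration written for this page; they are not files from the jaeger repository, and the job names, targets and `make` commands are made up for the example.

```yaml
# Added illustration, not a workflow from the jaeger repository.
# File 1 (what Scorecard flags): no top-level permissions block, so the
# GITHUB_TOKEN inherits the repository's default scopes. For repositories
# created before GitHub changed the default, that is write access to
# contents, packages, pull requests and more, so a compromised step or
# third-party action in this job could push commits or publish artifacts.
name: ci-before
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make test

# File 2 (what the check wants): the token is read-only for every job by
# default, and a job that genuinely needs to write declares the exact
# scope itself. Only the release job can create a release, and only on
# tag pushes; the build job cannot write anything.
# (Scorecard's separate Pinned-Dependencies check would additionally want
# the actions pinned to a commit SHA instead of a tag such as @v4.)
name: ci-after
on: [push, pull_request]
permissions: read-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make test
  release:
    if: startsWith(github.ref, 'refs/tags/')
    runs-on: ubuntu-latest
    permissions:
      contents: write   # the single scope this job needs, granted only here
    steps:
      - uses: actions/checkout@v4
      - run: make release
```

The two documents are shown together for comparison only; each would live in its own file under `.github/workflows/`. The check can be re-run locally after the change with the scorecard CLI, passing `--repo=github.com/jaegertracing/jaeger --checks=Token-Permissions`, to confirm the finding clears before a full scan.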

yurishkuro commented 4 months ago

> It would mean implementing Fuzzing, fixing permissions on tokens minimally.

+1 to fix tokens. Fuzzing is a pretty specialized domain, I don't have any expertise in it. It's not that I mind having fuzzing tests, but I am not particularly eager to invest time and I cannot really guide anyone if we make it a help-wanted issue.

jkowall commented 4 months ago

Opened this issue to get official in Artifact Hub: https://github.com/artifacthub/hub/issues/3787