The Repolinter Rulesets check for existence of a SECURITY.md link. We should consider disabling this. There is now a default security policy in the .github repo at https://github.com/newrelic/.github/blob/main/SECURITY.md. There is a link to that global default in the "About" menu on every repository.As a result any other repository that lacks a policy of its own will still have a security policy and a well-known UX path to it.
The global default policy is probably better than most projects will do on their own, so nudging projects to make their own security policy may actually decrease security.
Eliminating a Ruleset check reduces work for maintainers and creates engineering efficiencies.
The Repolinter Rulesets check for existence of a SECURITY.md link. We should consider disabling this. There is now a default security policy in the .github repo at https://github.com/newrelic/.github/blob/main/SECURITY.md. There is a link to that global default in the "About" menu on every repository.As a result any other repository that lacks a policy of its own will still have a security policy and a well-known UX path to it.
The global default policy is probably better than most projects will do on their own, so nudging projects to make their own security policy may actually decrease security.
Eliminating a Ruleset check reduces work for maintainers and creates engineering efficiencies.