newrelic / .github

Standard policy and procedure across the New Relic GitHub organization
Apache License 2.0

feature: disable check for security policy in Repolint configuration files #39

Open lucasgonze opened 1 year ago

lucasgonze commented 1 year ago

The Repolinter Rulesets check for existence of a SECURITY.md link. We should consider disabling this. There is now a default security policy in the .github repo at https://github.com/newrelic/.github/blob/main/SECURITY.md. There is a link to that global default in the "About" menu on every repository. As a result, any other repository that lacks a policy of its own will still have a security policy and a well-known UX path to it.

The global default policy is probably better than most projects will do on their own, so nudging projects to make their own security policy may actually decrease security.

Eliminating a Ruleset check reduces work for maintainers and creates engineering efficiencies.

lucasgonze commented 1 year ago
image