mirror of https://git.tukaani.org/xz.git
fe9e66993f
One of the reasons to have this file in the xz repository was to show vulnerability reporting info in the Security section on GitHub. On 2024-11-25, I added SECURITY.md to the tukaani-project organization on GitHub: https://github.com/tukaani-project/.github/blob/main/SECURITY.md GitHub shows that file in all projects in the organization unless overridden by a project-specific SECURITY.md. Thus, removing the file from the xz repo makes GitHub show the organization-wide text instead. Maintaining a single copy for the whole GitHub organization makes things simpler. It's also nicer to have fewer GitHub-specific files in the xz repo. Information how to report bugs (including security issues) is available in README and on the home page too. The OpenSSF Scorecard tool didn't find .github/SECURITY.md from the xz repository. There was a suggestion to move the file to the top-level directory where Scorecard should find it. However, Scorecard does find the organization-wide SECURITY.md. Thus, the file isn't needed in the xz repository to score points in the Scorecard game: https://scorecard.dev/viewer/?uri=github.com/tukaani-project/xz Closes: https://github.com/tukaani-project/xz/issues/148 Closes: https://github.com/tukaani-project/xz/pull/149 |
||
---|---|---|
.. | ||
workflows |