ossf/scorecard-monitor#85 and ossf/scorecard-monitor#86 are two examples that highlight a need for us to make a decision on how we handle our community health files (e.g., security policy, code of conduct), especially now that we have new subprojects in the mix (ref: #4073).
Premises:
Subproject community health files should be subservient to/strictly reference the applicable OpenSSF Scorecard. This minimizes drift and keeps a consistent experience across the project. e.g., https://github.com/kubernetes/kubernetes-template-project
Problems:
OpenSSF Scorecard core community health files may not be up to date, so copy/paste activities will lead to incorrect data in multiple places.
I think this is a good idea. We can all benefit from having common community health files (CoC, Security, etc.). Any project that requires a custom version can still create their own files in the repository. The system should be flexible enough for this. Additionally, it will significantly speed up the generation of new projects.
cc: @ossf/scorecard-maintainers @UlisesGascon @KoolTheba @lelia