feature: disable check for security policy in Repolint configuration files #39
Comments
|
lucasgonze
added a commit
to lucasgonze/.github
that referenced
this issue
Sep 28, 2023
… for either long-form HTML (as the previous regex was checking for) OR short-form markdown (which was suggested in the past). Remove checks for SECURITY.md links to address newrelic#39 Signed-off-by: Lucas Gonze <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The Repolinter Rulesets check for existence of a SECURITY.md link. We should consider disabling this. There is now a default security policy in the .github repo at https://github.com/newrelic/.github/blob/main/SECURITY.md. There is a link to that global default in the "About" menu on every repository.As a result any other repository that lacks a policy of its own will still have a security policy and a well-known UX path to it.
The global default policy is probably better than most projects will do on their own, so nudging projects to make their own security policy may actually decrease security.
Eliminating a Ruleset check reduces work for maintainers and creates engineering efficiencies.
The text was updated successfully, but these errors were encountered: