docs: add security policy #2127
innocenzi
left a comment
Only a syntax review, I haven't checked the policy itself, will need @aidan-casey, @xHeaven and @brendt's review.
Obviously I can make all of those changes, but from a grammar standpoint;
So in this context, most of those should in fact be capitalised where used. If you need the headings to follow the convention so only the first character is a capital, I can re-work it so it doesn't use the proper nouns, but the references within the paragraphs themselves should remain capitalised. Would that work? (And I can obviously do a commit changing TempestPHP to Tempest...)
Sorry, but you're incorrect. None of those are "proper nouns", they're actually common nouns, even those referring to very specific concepts. Let's stick to sentence case to stay consistent with the current documentation and keep it easy to scan.
Co-authored-by: Enzo Innocenzi <enzo@innocenzi.dev>
I offered to type this up in the Discord a while ago, Aidan said to go ahead, so now committing this for review.
It's just a light touch and from what I can see outwardly just covers off what you're already doing.
I drew guidance from the following:
https://symfony.com/doc/current/contributing/code/security.html
https://github.com/github/opensource.guide/blob/main/_articles/security-best-practices-for-your-project.md
Personal knowledge (I'm an InfoSec Consultant)
If you'd like me to go into more detail or add anything else, I'm happy to work on it.
You may also need to manually link it in the "Security and quality" tab if it's not automatically detected.
In the initial commit I did suggest a security shared email address, but as GH has a private submission form which goes to core maintainers, I just updated to use that link.