
Enact security policy #1604

Merged
merged 11 commits into from
Jan 26, 2024

Conversation

Zeitsperre
Collaborator

@Zeitsperre Zeitsperre commented Jan 17, 2024

Pull Request Checklist:

  • This PR addresses an already opened issue (for bug fixes / features)
  • Tests for the changes have been added (for bug fixes / features)
    • (If applicable) Documentation has been added / updated (for bug fixes / features)
  • CHANGES.rst has been updated (with summary of main changes)
    • Link to issue (:issue:number) and pull request (:pull:number) has been added

What kind of change does this PR introduce?

  • Adds a security policy

Does this PR introduce a breaking change?

No.

Other information:

This Pull Request is waiting on the following:

  • Creation of a mail account/redirect specific for the GitHub Organization Admins and major project leads.
  • Make this email redirect group public.
  • Creation of a PGP key pair for encrypted emails (following email creation).
  • CHANGES.rst should be updated with this information as an announcement.

This information will be reusable for all projects falling under Ouranosinc.

@Zeitsperre Zeitsperre added standards / conventions Suggestions on ways forward information For development/intsructional purposes labels Jan 17, 2024
@Zeitsperre Zeitsperre self-assigned this Jan 17, 2024
@github-actions github-actions bot added the docs Improvements to documenation label Jan 17, 2024
@Zeitsperre Zeitsperre requested review from huard and aulemahal January 23, 2024 15:23
@Zeitsperre Zeitsperre marked this pull request as ready for review January 23, 2024 15:24

Note
It appears that this Pull Request modifies the main.yml workflow.

On inspection, the XCLIM_TESTDATA_BRANCH environment variable is set to the most recent tag (v2023.12.14).

No further action is required.

@github-actions github-actions bot added the CI Automation and Contiunous Integration label Jan 23, 2024
@Zeitsperre
Collaborator Author

@huard @aulemahal

I just want to double-check the PGP key before merging, but otherwise this is ready for review.

Collaborator

@aulemahal aulemahal left a comment


Héhé I have some difficulties in imagining a "security vulnerability" stemming from xclim (and not from a dependency), but eh. Better safe than sorry.

@github-actions github-actions bot added the approved Approved for additional tests label Jan 24, 2024
@Zeitsperre
Collaborator Author

Same. The way I see this is we now have a security process in place that can serve all of our projects. I can imagine that with PAVICS-related projects, server-side security is a much harder thing to secure. You never know when an issue could come up there.

This also nearly completes the OpenSSF certification, so that's also pretty cool.

@coveralls

Coverage Status

coverage: 90.299%, remained the same when pulling 28a52d3 on security-policy into b8446c4 on master.

SECURITY.md: review thread marked outdated and resolved.
@Zeitsperre Zeitsperre merged commit d783301 into master Jan 26, 2024
27 checks passed
@Zeitsperre Zeitsperre deleted the security-policy branch January 26, 2024 17:21