Add Security Policy

[niccokunzmann]

This issue tracks the different stages of what it takes to create a security policy.

• create a security policy Add Security Policy #755
• As of now, once merged, we need to activate this green button on the project.
• Also, I will wait for at least two weeks to give Plone's security team a chance to review before merge. (until Monday 6th Jan 2025)
• Create direct link to report security, see here
• Create link to page with security announcements on GitHub.
• add link to tidelift in funding.yml requires: Tidelift - Software Supply Chain Security & Sustainability #754 (comment)

See also:

• Originally posted by @niccokunzmann in Add Security Policy #755 (comment)

[niccokunzmann]

[niccokunzmann]

If we create a direct link to report on our docs page, then that would lead to a log-in page of a different website. That might not be too nice.
@stevepiercy if you feel like it, please suggest a change.

[stevepiercy]

If we create a direct link to report on our docs page, then that would lead to a log-in page of a different website. That might not be too nice. @stevepiercy if you feel like it, please suggest a change.

What is the link? And on which document? I don't follow.

[niccokunzmann]

What is the link?

As I remember, you suggested adding a direct link to the page of the Security Policy that the green button points to:

[stevepiercy]

Since it requires authentication, then I wouldn't add it. Let's cross it off the list.

[stevepiercy]

FTR, I think you meant this link:

https://github.com/collective/icalendar/security/advisories/new

If you are authenticated to GitHub, then you can proceed. If not, then it redirects you to login. And if you ever use Sphinx linkcheck, links that redirect or require authentication will fail.