From 0676d302c3b17fd13d0e31efbb5c3149943026a1 Mon Sep 17 00:00:00 2001 From: Dianjin Wang Date: Thu, 31 Aug 2023 17:23:42 +0800 Subject: [PATCH] Doc: update security policy and PR template We update the security policy to make our handling process more clear. In addition, adding the code contribution guide to the PR template for developers reference. --- .github/pull_request_template.md | 3 ++- SECURITY.md | 15 +++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index cf290dd1c67..25b28ab0502 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -29,7 +29,8 @@ _Please detail how the changes were tested, including manual tests and any relev Here are some reminders and checklists before/when submitting your pull request, please check them: - [ ] Make sure your Pull Request has a clear title and commit message. You can take [git-commit](https://github.com/cloudberrydb/cloudberrydb/blob/main/.gitmessage) template as a reference. -- [ ] Sign the Contributor License Agreement as prompted for your first-time contribution. +- [ ] Sign the Contributor License Agreement as prompted for your first-time contribution(*One-time setup*). +- [ ] Learn the [coding contribution guide](https://cloudberrydb.org/contribute/code), including our code conventions, workflow and more. - [ ] List your communication in the [GitHub Issues](https://github.com/cloudberrydb/cloudberrydb/issues) or [Discussions](https://github.com/orgs/cloudberrydb/discussions) (if has or needed). - [ ] Document changes. - [ ] Add tests for the change diff --git a/SECURITY.md b/SECURITY.md index e118ca053cf..36b48877d28 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -44,6 +44,21 @@ For better collaboration, we hope you: Slack](https://github.com/cloudberrydb/cloudberrydb/issues/new/choose) instead. +## Handling Process + +Here's an overview of the security issues handling process: + +* The reporter reports the security issues to the Cloudberry Database + team. +* The Cloudberry Database team investigates the report and decides to + accept or reject the report. If our team rejects the report, the + team will explain why to the reporter. If we accept the report, our + team will work privately with the reporter to fix the security + issues. +* Release the new version of the Cloudberry Database that includes the + fix. +* Public the security issues. + ## Preferred Languages We prefer all communications to be in English.
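Review bot: the edited checklist item in the `.github/pull_request_template.md` hunk, `+- [ ] Sign the Contributor License Agreement as prompted for your first-time contribution(*One-time setup*).`, is missing a space before the parenthesis and capitalizes mid-sentence; suggest `contribution (*one-time setup*).` The new line `+- [ ] Learn the [coding contribution guide](https://cloudberrydb.org/contribute/code), including our code conventions, workflow and more.` would read more naturally as a checklist action with "Read the [coding contribution guide] ..." since the other items are phrased as things the contributor has done.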
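Review bot: the last two steps of the new "Handling Process" list in the `SECURITY.md` hunk, `+* Release the new version of the Cloudberry Database that includes the` / `+  fix.` and `+* Public the security issues.`, switch from the third-person voice of the first two bullets to imperatives, and "Public" is not a verb here; suggest "The Cloudberry Database team releases a new version of Cloudberry Database that includes the fix." and "The Cloudberry Database team publicly discloses the security issue once the fixed version is available." Stating explicitly that disclosure happens only after the fixed release, and whether the reporter is credited, would make the coordinated-disclosure expectation clear to reporters. Minor: "security issues handling process" in the intro sentence should be "security issue handling process".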