Add SECURITY.asciidoc file to repository
We need to add a SECURITY
(or SECURITY.asciidoc
) file to the root of our repository.
There is no template yet, but one is being developed. See https://gitlab.eclipse.org/eclipse/dash/org.eclipse.dash.handbook/-/issues/150. The following is considered a good example: https://github.com/eclipse/rdf4j/blob/main/SECURITY.md.
There is some freedom for teams to decide on their own security policy for their project, within the constraints of the Eclipse Foundation Vulnerability Reporting Policy (see https://www.eclipse.org/security/policy.php) and the Eclipse Foundation Project Handbook (see https://www.eclipse.org/projects/handbook/#vulnerability).
See also https://www.eclipse.org/lists/eclipse.org-committers/msg01320.html for more information, and the official announcement.