SECURITY file requires update
From these recent posts:
- https://blogs.eclipse.org/post/marta-rybczynska/eclipse-foundation-default-security-tracker-moves
- https://blogs.eclipse.org/post/marta-rybczynska/how-report-security-issue-eclipse-foundation-project
I conclude:
- Besides emailing security@eclipse.org, it is now also possible to report vulnerabilities via Eclipse Foundation security team's GitLab at https://gitlab.eclipse.org/security/vulnerability-reports/-/issues.
- If you are logged in with your Eclipse Foundation account, you can report a vulnerability at https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/new (or maybe https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/new?issuable_template=new_vulnerability is better?). You'll get a 404 error if you are not logged in.
- It seems the email address is now security@eclipse-foundation.org rather than security@eclipse.org.
- If people email the Eclipse Foundation security team, they should clearly mention which project is affected.
We should update the SECURITY.asciidoc
file in our repo. We should do this before our progress/graduation review (see #614 (closed)).