Skip to content

Move security policies to summit.git

Different teams have different security policies.

Right now they are each stored in the repo of each team.

This is slightly painful and opaque since:

  • Information is duplicated. Security policies are slightly different from one another.
  • Someone checking the compliance can’t know what people are checking against. It’s possible but feels weird.
  • There’s no list of teams who have a security policy.
  • There’s no possibility of some from outside of team to review the security policy of a team.

Why don’t we move all security policies in summit.git? Everybody who has to follow such a policy would already have access to summit.git.

Feature Branch: summit.git:contrib/16893-document-security-policies

Original created by @sajolida on 16893 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information