Use the security team's template for a SECURITY file example
diff --git a/tools/documentation.php b/tools/documentation.php
index 67a0944..98532c8 100644
--- a/tools/documentation.php
+++ b/tools/documentation.php
@@ -380,26 +380,19 @@
</h3>
<p>The SECURITY file describes products and product versions that for
- which security updates may be applied and the means by which vulerabilities
+ which security updates may be applied and the means by which vulnerabilities
are reported.</p>
- <p>The example below has been generated using project metadata and may or
- may not make sense for your project (that is, you'll likely have to modify
- it). Note that it is acceptable to describe your supported versions rather
+ <p>The Eclipse Security team provides the following
+ <a href="https://github.com/eclipse-csi/security-handbook/blob/main/templates/SECURITY.md?plain=1">template</a>.
+ <strong>You must to modify it with information that corresponds to your project.</strong>
+ Note that it is acceptable to describe your supported versions rather
than list them explicitly (that is, you can say, for example, that "two
most recent major or minor release versions are supported" or similar).</p>
<p>The SECURITY file may have an extension, and should be placed in the root of all project
repositories.</p>
-
- <p>
- This file is available in both <a
- href="legal/security.php?id=<?php echo $id?>">Markdown</a> and <a
- href="legal/security.php?id=<?php echo $id?>&asciidoc">AsciiDoc</a>
- format. Note that you must be logged in for this link to work.
- </p>
-
<?php
renderTemplate ( function () use (&$id) {
renderSecurityFile ( $id );
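Review bot: The added `<strong>` line reads "You must to modify it", which is ungrammatical in the one sentence of this paragraph that is meant to stand out; it should be `<strong>You must modify it with information that corresponds to your project.</strong>`. The context sentence at the top of the hunk ("product versions that for which security updates may be applied") carries a stray "that" and could be fixed in the same pass, since the commit already corrects "vulerabilities" on the next line.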
diff --git a/tools/legal.inc b/tools/legal.inc
index 0d51ef6..16d425d 100644
--- a/tools/legal.inc
+++ b/tools/legal.inc
@@ -203,45 +203,9 @@
}
function generateSecurityFileContent($id, $render) {
- $project = Project::getProject($id);
-
- $rows = array();
- $sql = "
- select
- name, date
- from ProjectReleases
- where project=':id:'
- order by date desc
- limit 3";
- $args = array(":id:" => $id);
- $max = 3;
- query('dashboard',$sql, $args, function($row) use (&$rows, &$max) {
- if ($max-- == 1) {
- $row['name'] = "< {$row['name']}";
- $row['supported'] = 'No';
- } else {
- $row['supported'] = 'Yes';
- }
- $rows[] = $row;
- });
-
- $render
- ->title("Security Policy")
- ->paragraph("This project implements the Eclipse Foundation Security Policy")
- ->unorderedList(array("https://www.eclipse.org/security"));
-
- if ($rows) {
- $render
- ->section("Supported Versions")
- ->paragraph("These versions of {$project->getName()} are currently being supported with security updates.")
-
- ->table(array("name" => "Version", "date" => "Released", "supported" => "Supported"), $rows);
- }
-
- $render
- ->section("Reporting a Vulnerability")
- ->paragraph("Please report vulnerabilities to the Eclipse Foundation Security Team at security@eclipse.org")
- ->end();
+ // FIXME Consider alternatives.
+ $contents = file_get_contents('https://raw.githubusercontent.com/eclipse-csi/security-handbook/main/templates/SECURITY.md');
+ echo htmlspecialchars($contents);
}
function getColumnWidths($header, $rows) {
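Review bot: The new body of generateSecurityFileContent() makes an unbounded remote fetch on every call and never checks the result; `file_get_contents()` returns `false` when raw.githubusercontent.com is unreachable or `allow_url_fopen` is disabled, and the example then renders empty. The request should carry a timeout and handle failure explicitly, as sketched below. The text comes from the mutable `main` branch of another repository, so escaping it is right, but the flags and charset should be passed explicitly because the defaults of `htmlspecialchars()` differ between PHP versions; vendoring a reviewed copy of the template or pinning the URL to a commit would remove the runtime dependency, which may be what the FIXME has in mind. `$id` and `$render` are now unused, so a caller that passes a Markdown or AsciiDoc renderer presumably gets HTML-escaped text written straight to output instead of rendered content.

```php
function generateSecurityFileContent($id, $render) {
	// Bound the outbound request so a slow or unreachable host cannot stall page rendering.
	$context = stream_context_create(array('http' => array('timeout' => 5)));
	$contents = file_get_contents('https://raw.githubusercontent.com/eclipse-csi/security-handbook/main/templates/SECURITY.md', false, $context);
	if ($contents === false) {
		echo 'The SECURITY template could not be retrieved.';
		return;
	}
	// Remote content is untrusted input: escape it for the HTML context with explicit flags.
	echo htmlspecialchars($contents, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
```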
diff --git a/tools/legal/security.php b/tools/legal/security.php
deleted file mode 100755
index 589d081..0000000
--- a/tools/legal/security.php
+++ /dev/null
@@ -1,34 +0,0 @@
-<?php
-/*******************************************************************************
- * Copyright (c) 2017 Eclipse Foundation and others.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v. 2.0 which is available at
- * http://www.eclipse.org/legal/epl-2.0.
- *
- * SPDX-License-Identifier: EPL-2.0
- ********************************************************************************/
-require_once dirname(__FILE__) . '/../legal.inc';
-require_once dirname(__FILE__) . '/../../classes/Project.class.php';
-require_once dirname(__FILE__) . '/../../classes/License.class.inc';
-require_once dirname(__FILE__) . '/../../classes/common.php';
-require_once dirname(__FILE__) . '/../../classes/debug.php';
-
-require_once(dirname(__FILE__) . "/../../../eclipse.org-common/system/app.class.php");
-$App = new App();
-
-callIfNotCommitter(function() {
- header('Location: /project');
- exit;
-});
-
-header("Content-Type: text/plain");
-
-if ($id = @$_GET['id']) {
- $project = Project::getProject($id);
-}
-
-if (isset($project)) {
- echo renderSecurityFile($id);
-}
-?>
\ No newline at end of file