potiuk opened a new pull request, #3322:
URL: https://github.com/apache/brpc/pull/3322
**This is a proposal for the bRPC PMC to review — please correct,
reject, or discuss as needed.** The maintainer is the decision-maker;
nothing here is a requirement.
This wires up the conventional `AGENTS.md → SECURITY.md → THREAT_MODEL.md`
chain so an automated security scanner can mechanically discover the
project's threat model, and lands the threat model the bRPC PMC has
already reviewed:
- `THREAT_MODEL.md` — the threat model for `apache/brpc` (the version
revised by the PMC).
- `SECURITY.md` — points at `THREAT_MODEL.md`.
- `AGENTS.md` — a Security section routing agents along
`AGENTS.md → SECURITY.md → THREAT_MODEL.md`.
Context: the ASF Security team is preparing bRPC for an automated
agentic security scan being piloted by the team. Such scans refuse to
run unless the model is discoverable by that conventional path —
discoverability is the one hard gate. The model *content* is the PMC's
own document; this PR just lands the reviewed text plus the
discoverability wiring. No project source is touched.
Questions / pushback welcome — happy to adjust file placement or
wording to match the project's house style.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
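A repository-side check for the discoverability gate described in the pull request above, as an added example that is not part of the PR, of bRPC, or of the ASF scanner. How the scanner resolves the chain is not stated on this page: the code assumes all three files sit at the repository root and that a file "points at" the next one simply by mentioning its file name; `check_chain` and `references` are hypothetical names.

```python
import re
import sys
from pathlib import Path

# The chain named in the PR description, in discovery order.
CHAIN = ["AGENTS.md", "SECURITY.md", "THREAT_MODEL.md"]


def references(text, target):
    """True if text mentions target as a whole file name (link or plain text).

    Assumption: a mention is enough. Names that merely contain the target,
    such as OLD_THREAT_MODEL.md, do not count.
    """
    pattern = r"(?<![\w.-])" + re.escape(target) + r"(?![\w-])"
    return re.search(pattern, text) is not None


def check_chain(repo_root, chain=CHAIN):
    """Walk the chain from the first file; return a list of problems.

    An empty list means every hop exists and points at the next file.
    The walk stops at the first broken hop, because nothing past it
    can be reached by following the chain.
    """
    root = Path(repo_root)
    problems = []
    for current, nxt in zip(chain, chain[1:]):
        path = root / current
        if not path.is_file():
            problems.append(f"{current}: missing")
            break
        text = path.read_text(encoding="utf-8", errors="replace")
        if not references(text, nxt):
            problems.append(f"{current}: does not reference {nxt}")
            break
    else:
        # Every hop resolved; the final document must exist and have content.
        last = root / chain[-1]
        if not last.is_file():
            problems.append(f"{chain[-1]}: missing")
        elif not last.read_text(encoding="utf-8", errors="replace").strip():
            problems.append(f"{chain[-1]}: empty")
    return problems


if __name__ == "__main__":
    issues = check_chain(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("\n".join(issues) or "chain OK")
    sys.exit(1 if issues else 0)
```

Run as a CI step with the checkout path as the only argument; a non-zero exit means the chain is broken at the reported file.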