potiuk opened a new pull request, #56:
URL: https://github.com/apache/drill-site/pull/56

   **This is a proposal for the PMC to review — please correct, reject, or
   discuss as needed.** Nothing here is a requirement; the maintainer is the
   decision-maker.
   
   This adds a minimal `AGENTS.md` + `SECURITY.md` to the Drill website repo so
   an automated scan agent can mechanically discover the project's security 
model
   via the conventional `AGENTS.md → SECURITY.md → threat model` chain.
   
   `apache/drill-site` is the project website; the actual security model lives 
in
   the main `apache/drill` repository, so these files just **point** there (the
   project's umbrella model) rather than duplicating it. Nothing about the model
   content changes — this is only the discoverability wiring.
   
   Context: the ASF Security team is preparing the project for an automated
   agentic security scan we're piloting. Such scans refuse to run if the model
   isn't discoverable by that path (refusing upfront beats a noise-heavy run
   against a model the agent never found). This is the website-repo companion to
   the model that already merged on `apache/drill`; wiring the site repo too
   means the full requested scope is discoverable.
   
   Questions / pushback welcome — happy to adjust the wording, or to drop the
   site repo from scope entirely if you'd rather not include it in the scan.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to