jaegertracing / jaeger

CNCF Jaeger, a Distributed Tracing Platform

Home Page: https://www.jaegertracing.io/

Audit and align governance, contribution, and security docs with CNCF guidelines

yurishkuro opened this issue · comments

TAG Security has prepared Security Guidelines for new projects on contribute.cncf.io that are worth reviewing to refresh and refamiliarize your project’s configuration and settings. There are also a variety of templates available to assist projects in bootstrapping any governance structure or process they may currently be missing. As your project grows, we encourage projects to leverage the TAG Contributor Strategy’s contributor ladder framework to create structure, expectations, and clear roles and responsibilities for welcoming and inviting contributors to take on more leadership roles within a project. Migrating to this framework can support projects and proactively manage contributions without creating or embellishing a sense of urgency.

I will take a look at this one. I will compare the guidelines and try to normalize the DEVELOP, CONTRIBUTING, GUIDELINES and the website https://www.jaegertracing.io/get-involved/.

Security scanning fix: #5364
Update on CODE_OF_CONDUCT and adding MAINTAINERS file: #5365

Jaeger doesn't have and likely doesn't need elections or subproject governance.

Open question: do we want to improve the OpenSSF score? https://securityscorecards.dev/viewer/?uri=github.com/jaegertracing/jaeger It would mean implementing fuzzing and, at a minimum, fixing permissions on tokens.

It would mean implementing Fuzzing, fixing permissions on tokens minimally.

+1 to fix tokens. Fuzzing is a pretty specialized domain; I don't have any expertise in it. It's not that I mind having fuzzing tests, but I am not particularly eager to invest time, and I cannot really guide anyone if we make it a help-wanted issue.
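As an added illustration of the "fix tokens" item (example config, not a Jaeger workflow): the OpenSSF Scorecard Token-Permissions check flags GitHub Actions workflows that leave the GITHUB_TOKEN at its default scope. The assumption here is that "fixing permissions on tokens" refers to that check. The first workflow below is the weak form; the second is the hardened form, with a read-only default and a single job-level escalation. The workflow names, the `scan` job and the use of the CodeQL upload-sarif action are constructed for the example.

```yaml
# File 1 (weak): no `permissions` key at all, so every job gets the
# repository's default GITHUB_TOKEN scope, which is often read/write on
# contents, packages, pull requests and more, whether the job needs it or not.
name: ci-weak            # constructed name
on: [pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: go test ./...

---
# File 2 (hardened): the workflow-level default is read-only for every job.
# A job that genuinely needs a write scope requests only that scope, at the
# job level, so a compromised step in `test` cannot push code, publish
# packages or edit pull requests.
name: ci-hardened        # constructed name
on: [pull_request]
permissions: read-all    # least privilege by default
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: go test ./...
  scan:                  # constructed job: uploads a code-scanning report
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write   # the one scope upload-sarif needs
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif   # produced by an earlier step (not shown)
```

To verify the change locally rather than waiting for the public viewer to refresh, the Scorecard CLI can be pointed at the repository with the single check enabled, e.g. `scorecard --repo=github.com/jaegertracing/jaeger --checks=Token-Permissions`; any workflow still lacking a top-level `permissions` block, or granting `write-all`, shows up in its output.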

Opened this issue to get official in Artifact Hub : artifacthub/hub#3787