From f86173d6c7547f4bd7841a0a3589a2e1ea703ba0 Mon Sep 17 00:00:00 2001
From: Chris Akritidis <43294513+cakrit@users.noreply.github.com>
Date: Wed, 29 May 2019 17:27:02 +0200
Subject: [PATCH] Update security policy (#6166)

* Move Security and Disclosure Info to make it more visible

* Remove docs/Netdata-Security-and-Disclosure-Information.md, replace it with SECURITY.md

* white_check_mark not supported in HTML generation
---
 SECURITY.md                                   |  2 +-
 ...ata-Security-and-Disclosure-Information.md | 39 -------------------
 docs/generator/buildyaml.sh                   |  2 +-
 3 files changed, 2 insertions(+), 41 deletions(-)
 delete mode 100644 docs/Netdata-Security-and-Disclosure-Information.md

diff --git a/SECURITY.md b/SECURITY.md
index 0a6447927a..f029689369 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -4,7 +4,7 @@
 
 | Version | Supported          |
 | ------- | ------------------ |
-| Latest  | :white_check_mark: |
+| Latest  | Yes                |
 
 ## Reporting a Vulnerability
 
diff --git a/docs/Netdata-Security-and-Disclosure-Information.md b/docs/Netdata-Security-and-Disclosure-Information.md
deleted file mode 100644
index 437167c37c..0000000000
--- a/docs/Netdata-Security-and-Disclosure-Information.md
+++ /dev/null
@@ -1,39 +0,0 @@
-# Netdata Security and Disclosure Information
-
-This page describes Netdata security and disclosure information.
-
-## Security Announcements
-
-Every time a security issue is fixed in Netdata, we immediately release a new version of it. So, to get notified of all security incidents, please subscribe to our releases on github.
-
-## Report a Vulnerability
-
-We’re extremely grateful for security researchers and users that report vulnerabilities to Netdata Open Source Community. All reports are thoroughly investigated by a set of community volunteers.
-
-To make a report, please email the private [security@netdata.cloud](mailto:security@netdata.cloud) list with the security details and the details expected for [all Netdata bug reports](../.github/ISSUE_TEMPLATE/bug_report.md).
-
-## When Should I Report a Vulnerability?
-
-- You think you discovered a potential security vulnerability in Netdata
-- You are unsure how a vulnerability affects Netdata
-- You think you discovered a vulnerability in another project that Netdata depends on (e.g. python, node, etc)
-
-### When Should I NOT Report a Vulnerability?
-
-- You need help tuning Netdata for security
-- You need help applying security related updates
-- Your issue is not security related
-
-## Security Vulnerability Response
-
-Each report is acknowledged and analyzed by Netdata Team members within 3 working days. This will set off a Security Release Process.
-
-Any vulnerability information shared with Netdata Team stays within Netdata project and will not be disseminated to other projects unless it is necessary to get the issue fixed.
-
-As the security issue moves from triage, to identified fix, to release planning we will keep the reporter updated.
-
-## Public Disclosure Timing
-
-A public disclosure date is negotiated by the Netdata team and the bug submitter. We prefer to fully disclose the bug as soon as possible once a user mitigation is available. It is reasonable to delay disclosure when the bug or the fix is not yet fully understood, the solution is not well-tested, or for vendor coordination. The timeframe for disclosure is from immediate (especially if it's already publicly known) to a few weeks. As a basic default, we expect report date to disclosure date to be on the order of 7 days. The Netdata team holds the final say when setting a disclosure date.
-
-[![analytics](https://www.google-analytics.com/collect?v=1&aip=1&t=pageview&_s=1&ds=github&dr=https%3A%2F%2Fgithub.com%2Fnetdata%2Fnetdata&dl=https%3A%2F%2Fmy-netdata.io%2Fgithub%2Fdocs%2FNetdata-Security-and-Disclosure-Information&_u=MAC~&cid=5792dfd7-8dc4-476b-af31-da2fdb9f93d2&tid=UA-64295674-3)]()
diff --git a/docs/generator/buildyaml.sh b/docs/generator/buildyaml.sh
index 36599d3e10..211752da09 100755
--- a/docs/generator/buildyaml.sh
+++ b/docs/generator/buildyaml.sh
@@ -127,6 +127,7 @@ echo -ne "    - 'docs/Demo-Sites.md'
     - REDISTRIBUTED.md
     - CHANGELOG.md
     - CONTRIBUTING.md
+    - SECURITY.md
 - Why Netdata:
     - 'docs/why-netdata/README.md'
     - 'docs/why-netdata/1s-granularity.md'
@@ -253,7 +254,6 @@ navpart 2 web/api/queries "" "Queries" 2
 
 echo -ne "- Hacking Netdata:
     - CODE_OF_CONDUCT.md
-    - 'docs/Netdata-Security-and-Disclosure-Information.md'
     - CONTRIBUTORS.md
 "
 navpart 2 packaging/makeself "" "" 4