On Thu, May 14, 2026 at 04:36:23PM +0100, Joe Orton wrote: > On Thu, May 14, 2026 at 11:53:04AM +0200, Ruediger Pluem wrote: > > On 5/12/26 7:23 PM, Joe Orton wrote: > > > I'm thinking we put this at ./docs/security-model.md or somewhere while > > > > What is the best location for a LLM that scans the repo to pick it up > > automatically? > > Is there any generic LLM model agnostic default location / filename? > > From some off-list conversation, it looks like there is a convention to > use "SECURITY.md" at the top-level. (We should also reference the web > site pages about how to report vulnerabilities from there too)
Of course that exists already. Updated with the (draft) model so others can fill in holes here if desired.
