Add SECURITY.md

This commit adds a security policy to this repository. SECURITY.md files
are threated in a special way by GitHub, helping users to know how to
best submit security issues for the projects.

In this case, we simply point to our existing documentation on
prometheus.io.

The content of this file will be synced automatically with the
prometheus/prometheus repository, as our security policy covers all the
repositories. This sync is automated with prombot, like other files
(LICENSE, Makefile.common).

https://docs.github.com/en/free-pro-team@latest/github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository
Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>
1 file changed
tree: 5564865e0abf59206f80c8a3cf55a43bdfe07102
  1. .gitignore
  2. CODE_OF_CONDUCT.md
  3. CONTRIBUTING.md
  4. LICENSE
  5. MAINTAINERS.md
  6. Makefile
  7. NOTICE
  8. README.md
  9. SECURITY.md
  10. go.mod
  11. go.sum
  12. go/
  13. metrics.proto
README.md

Deprecation note

This repository used to contain the protocol buffer code that defined both the data model and the exposition format of Prometheus metrics.

Starting with v2.0.0, the Prometheus server does not ingest the protobuf-based exposition format anymore. Currently, all but one of the official instrumentation libraries do not expose the protobuf-based exposition format. The Go instrumentation library, however, has been built around the protobuf-based data model. As a byproduct thereof, it is still able to expose the protobuf-based exposition format. The Go instrumentation library is the only remaining repository within the Prometheus GitHub org directly using the prometheus/client_model repository.

Therefore, formerly existing support for languages other than Go (namely C++, Java, Python, Ruby) has been removed from this repository. If you are a 3rd party user of those languages, you can go back to commit 14fe0d1 to keep using the old code, or you can consume metrics.proto directly with your own protobuf tooling. Note, however, that changes of metrics.proto after commit 14fe0d1 are solely informed by requirements of the Go instrumentation library and will not take into account any requirements of other languages or stability concerns for the protobuf-based exposition format.

Check out the OpenMetrics project for the future of the data model and exposition format used by Prometheus and others.