Updating security reachout email

[varun-lodaya]

Description

[Describe what this change achieves]
Updating security reach out email address from aws-security@amazon.com to security@opensearch.org.

Issues Resolved

[List any issues this PR will resolve]
N/A

Is this a backport? If so, please add backport PR # and/or commits #
N/A

Testing

[Please provide details of testing done: unit testing, integration testing and manual testing]
N/A

Check List

• New functionality includes testing
• New functionality has been documented
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 65.99%. Comparing base (bac93dc) to head (3b091e6).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #4333   +/-   ##
=======================================
  Coverage   65.99%   65.99%           
=======================================
  Files         302      302           
  Lines       21758    21758           
  Branches     3522     3522           
=======================================
  Hits        14360    14360           
+ Misses       5630     5629    -1     
- Partials     1768     1769    +1     

see 2 files with indirect coverage changes

[shikharj05]

Thank you! I think this would require a change across packages-

https://github.com/opensearch-project/OpenSearch/blob/main/SECURITY.md
https://github.com/opensearch-project/OpenSearch-Dashboards/blob/main/SECURITY.md

For better consistency, maybe all other package files can redirect to a single file in this or core package, thoughts?

[varun-lodaya]

Yes @shikharj05, I have started on this repo but will add similar change across all repos. As for redirection, that's a good idea. The security section can be a reference to 1 common place, maybe at project level. Will wait to hear thoughts from others, @dblock ?

[reta]

@shikharj05 could you please fix DCO? (see please https://github.com/opensearch-project/.github/blob/main/CONTRIBUTING.md#developer-certificate-of-origin)

[cwperks]

Not sure why DCO failed. The commit is signed off:

Signed-off-by: Varun Lodaya <varunml@amazon.com>

[cwperks]

Oh, I see the message:

Commit sha: [3b091e6](https://github.com/opensearch-project/security/pull/4333/commits/3b091e6b865d37935c1c2615765a98144b075fdb), Author: varun-lodaya, Committer: varun-lodaya; Expected "varun-lodaya [varunml@amazon.com](mailto:varunml@amazon.com)", but got "Varun Lodaya [varunml@amazon.com](mailto:varunml@amazon.com)".

Ref: https://github.com/opensearch-project/security/pull/4333/checks?check_run_id=24807243836

I manually set DCO to pass.

[opensearch-trigger-bot]

The backport to 1.x failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/security/backport-1.x 1.x
# Navigate to the new working tree
pushd ../.worktrees/security/backport-1.x
# Create a new branch
git switch --create backport/backport-4333-to-1.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 ab4b3233492f352432c7c17bf16c6b47b484e65b
# Push it to GitHub
git push --set-upstream origin backport/backport-4333-to-1.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/security/backport-1.x

Then, create a pull request where the base branch is 1.x and the compare/head branch is backport/backport-4333-to-1.x.

[opensearch-trigger-bot]

The backport to 1.3 failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/security/backport-1.3 1.3
# Navigate to the new working tree
pushd ../.worktrees/security/backport-1.3
# Create a new branch
git switch --create backport/backport-4333-to-1.3
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 ab4b3233492f352432c7c17bf16c6b47b484e65b
# Push it to GitHub
git push --set-upstream origin backport/backport-4333-to-1.3
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/security/backport-1.3

Then, create a pull request where the base branch is 1.3 and the compare/head branch is backport/backport-4333-to-1.3.

[opensearch-trigger-bot]

The backport to 2.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/security/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/security/backport-2.x
# Create a new branch
git switch --create backport/backport-4333-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 ab4b3233492f352432c7c17bf16c6b47b484e65b
# Push it to GitHub
git push --set-upstream origin backport/backport-4333-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/security/backport-2.x

Then, create a pull request where the base branch is 2.x and the compare/head branch is backport/backport-4333-to-2.x.