You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jmeter.apache.org by sebb <se...@gmail.com> on 2015/06/18 16:03:12 UTC

[ALL][COMPRESS] security reports page naming

Commons Compress has a Security Reports page:

http://commons.apache.org/proper/commons-compress/security.html

which contains details of known security issues.

The page links to the general commons security page
http://commons.apache.org/security.html
for details of how to report security issues.

I think it is a good idea to have both pages, but I wonder whether it
might be less confusing if the pages had slightly different names?

Especially since CP 37 site.xml has a bug which means that the
Security link under General Information is resolved as being relative
to the component. [This is a "feature" of Maven site when used with
parent POMs].

If a component wants to provide a security report page, I suggest it
should be called "security-report.html" or similar.

Compress seems to be the only one with such a page so far, so it would
not involve much work.

Re: [ALL][COMPRESS] security reports page naming

Posted by sebb <se...@gmail.com>.

Rats!

Sorry about that.

On 18 June 2015 at 16:08, Felix Schumacher
<fe...@internetallee.de> wrote:
> Hi sebb,
>
> I think the intended audience of this mail was dev@commons.apache.org.
>
> Regards,
> Felix
>
> Am 18. Juni 2015 16:03:12 MESZ, schrieb sebb <se...@gmail.com>:
>>Commons Compress has a Security Reports page:
>>
>>http://commons.apache.org/proper/commons-compress/security.html
>>
>>which contains details of known security issues.
>>
>>The page links to the general commons security page
>>http://commons.apache.org/security.html
>>for details of how to report security issues.
>>
>>I think it is a good idea to have both pages, but I wonder whether it
>>might be less confusing if the pages had slightly different names?
>>
>>Especially since CP 37 site.xml has a bug which means that the
>>Security link under General Information is resolved as being relative
>>to the component. [This is a "feature" of Maven site when used with
>>parent POMs].
>>
>>If a component wants to provide a security report page, I suggest it
>>should be called "security-report.html" or similar.
>>
>>Compress seems to be the only one with such a page so far, so it would
>>not involve much work.

Re: [ALL][COMPRESS] security reports page naming

Posted by Felix Schumacher <fe...@internetallee.de>.

Hi sebb, 

I think the intended audience of this mail was dev@commons.apache.org.

Regards, 
Felix

Am 18. Juni 2015 16:03:12 MESZ, schrieb sebb <se...@gmail.com>:
>Commons Compress has a Security Reports page:
>
>http://commons.apache.org/proper/commons-compress/security.html
>
>which contains details of known security issues.
>
>The page links to the general commons security page
>http://commons.apache.org/security.html
>for details of how to report security issues.
>
>I think it is a good idea to have both pages, but I wonder whether it
>might be less confusing if the pages had slightly different names?
>
>Especially since CP 37 site.xml has a bug which means that the
>Security link under General Information is resolved as being relative
>to the component. [This is a "feature" of Maven site when used with
>parent POMs].
>
>If a component wants to provide a security report page, I suggest it
>should be called "security-report.html" or similar.
>
>Compress seems to be the only one with such a page so far, so it would
>not involve much work.