You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@spark.apache.org by "Bjørn Jørgensen (Jira)" <ji...@apache.org> on 2022/03/24 19:20:00 UTC
[jira] [Created] (SPARK-38649) Fix SECURITY.md
Bjørn Jørgensen created SPARK-38649:
---------------------------------------
Summary: Fix SECURITY.md
Key: SPARK-38649
URL: https://issues.apache.org/jira/browse/SPARK-38649
Project: Spark
Issue Type: Bug
Components: Documentation
Affects Versions: 3.4.0
Reporter: Bjørn Jørgensen
At [Github Security -> Security policy|https://github.com/apache/spark/security/policy]
The info there does not tell users what to do, if they have found a security issue.
The default text for this page is
"
# Security Policy
## Supported Versions
Use this section to tell people about which versions of your project are
currently being supported with security updates.
| Version | Supported |
| ------- | ------------------ |
| 5.1.x | :white_check_mark: |
| 5.0.x | :x: |
| 4.0.x | :white_check_mark: |
| < 4.0 | :x: |
## Reporting a Vulnerability
Use this section to tell people how to report a vulnerability.
Tell them where to go, how often they can expect to get an update on a
reported vulnerability, what to expect if the vulnerability is accepted or
declined, etc.
"
We should change this to something like:
"
Reporting security issues
Apache Spark uses the standard process outlined by the Apache Security Team for reporting vulnerabilities. Note that vulnerabilities should not be publicly disclosed until the project has responded.
To report a possible security vulnerability, please email security@spark.apache.org. This is a non-public list that will reach the Apache Security team, as well as the Spark PMC.
For more info https://spark.apache.org/security.html
"
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org