You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@commons.apache.org by sebb <se...@gmail.com> on 2015/06/18 17:13:16 UTC
[ALL][COMPRESS] security reports page naming
Commons Compress has a Security Reports page:
http://commons.apache.org/proper/commons-compress/security.html
which contains details of known security issues.
The page links to the general commons security page
http://commons.apache.org/security.html
for details of how to report security issues.
I think it is a good idea to have both pages, but I wonder whether it
might be less confusing if the pages had slightly different names?
Especially since CP 37 site.xml has a bug which means that the
Security link under General Information is resolved as being relative
to the component. [This is a "feature" of Maven site when used with
parent POMs].
If a component wants to provide a security report page, I suggest it
should be called "security-report.html" or similar.
Compress seems to be the only one with such a page so far, so it would
not involve much work.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
Re: [ALL][COMPRESS] security reports page naming
Posted by Gary Gregory <ga...@gmail.com>.
On Thu, Jun 18, 2015 at 8:13 AM, sebb <se...@gmail.com> wrote:
> Commons Compress has a Security Reports page:
>
> http://commons.apache.org/proper/commons-compress/security.html
>
> which contains details of known security issues.
>
> The page links to the general commons security page
> http://commons.apache.org/security.html
> for details of how to report security issues.
>
> I think it is a good idea to have both pages, but I wonder whether it
> might be less confusing if the pages had slightly different names?
>
> Especially since CP 37 site.xml has a bug which means that the
> Security link under General Information is resolved as being relative
> to the component. [This is a "feature" of Maven site when used with
> parent POMs].
>
> If a component wants to provide a security report page, I suggest it
> should be called "security-report.html" or similar.
>
> Compress seems to be the only one with such a page so far, so it would
> not involve much work.
>
Sounds reasonable.
Gary
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
>
--
E-Mail: garydgregory@gmail.com | ggregory@apache.org
Java Persistence with Hibernate, Second Edition
<http://www.manning.com/bauer3/>
JUnit in Action, Second Edition <http://www.manning.com/tahchiev/>
Spring Batch in Action <http://www.manning.com/templier/>
Blog: http://garygregory.wordpress.com
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory
Re: [ALL][COMPRESS] security reports page naming
Posted by Stefan Bodewig <bo...@apache.org>.
On 2015-06-18, sebb wrote:
> Commons Compress has a Security Reports page:
> http://commons.apache.org/proper/commons-compress/security.html
> which contains details of known security issues.
> The page links to the general commons security page
> http://commons.apache.org/security.html
> for details of how to report security issues.
> I think it is a good idea to have both pages, but I wonder whether it
> might be less confusing if the pages had slightly different names?
Fine with me.
Stefan
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org