Posted to dev@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/04/01 06:11:47 UTC

[GitHub] [pulsar-site] michaeljmarshall opened a new pull request #21: Update reporting a vulnerability documentation

michaeljmarshall opened a new pull request #21:
URL: https://github.com/apache/pulsar-site/pull/21


   See https://github.com/apache/pulsar/pull/14610 and https://github.com/apache/pulsar/pull/14610#issuecomment-1067510855 for context.
   
   Adding some detail to the reporting a vulnerability documentation.
   
   @Anonymitaet - I noticed that we have a contact page on the new website https://pulsar-next.staged.apache.org/contact/. I propose adding this contact information on both pages (the "how to contribute" page and the "contact" page).


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [pulsar-site] Anonymitaet commented on pull request #21: Update reporting a vulnerability documentation

Posted by GitBox <gi...@apache.org>.
Anonymitaet commented on pull request #21:
URL: https://github.com/apache/pulsar-site/pull/21#issuecomment-1067627368


   I think one place (below) is enough since we do not want duplicated content, right? @D-2-Ed @DaveDuggins
   
   ![image](https://user-images.githubusercontent.com/50226895/158322359-0267c273-b703-4ac1-b3ed-f80c21b110be.png)
   





[GitHub] [pulsar-site] urfreespace commented on pull request #21: Update reporting a vulnerability documentation

Posted by GitBox <gi...@apache.org>.
urfreespace commented on pull request #21:
URL: https://github.com/apache/pulsar-site/pull/21#issuecomment-1076994590


   @michaeljmarshall @Anonymitaet Any new progress? If there is no agreement within 3 days, I will close this PR. PTAL, thanks.





[GitHub] [pulsar-site] urfreespace closed pull request #21: Update reporting a vulnerability documentation

Posted by GitBox <gi...@apache.org>.
urfreespace closed pull request #21:
URL: https://github.com/apache/pulsar-site/pull/21


   





[GitHub] [pulsar-site] michaeljmarshall commented on pull request #21: Update reporting a vulnerability documentation

Posted by GitBox <gi...@apache.org>.
michaeljmarshall commented on pull request #21:
URL: https://github.com/apache/pulsar-site/pull/21#issuecomment-1067575643


   I verified that this "looks" correct. Here are screenshots:
   <img width="1590" alt="Screen Shot 2022-03-15 at 12 20 37 AM" src="https://user-images.githubusercontent.com/47911938/158312064-247f81d3-3d47-47cd-a7c0-9077aa94ddc5.png">
   <img width="1201" alt="Screen Shot 2022-03-15 at 12 21 01 AM" src="https://user-images.githubusercontent.com/47911938/158312104-a6f14273-fade-4cd1-b70c-46b0bdd02c23.png">
   
   





[GitHub] [pulsar-site] dave2wave commented on pull request #21: Update reporting a vulnerability documentation

Posted by GitBox <gi...@apache.org>.
dave2wave commented on pull request #21:
URL: https://github.com/apache/pulsar-site/pull/21#issuecomment-1085943990


   Make the names of the list links to the archives. (https://lists.apache.org/list.html?dev@pulsar.apache.org)
   
   On the mailing lists page there is a subscribe button. It won't be translated, but ...





[GitHub] [pulsar-site] michaeljmarshall commented on pull request #21: Update reporting a vulnerability documentation

Posted by GitBox <gi...@apache.org>.
michaeljmarshall commented on pull request #21:
URL: https://github.com/apache/pulsar-site/pull/21#issuecomment-1068557988


   @Anonymitaet - I agree that we should probably avoid complete duplication. However, I'll note that the Apache Spark project does point to their "Reporting a Vulnerability" page from the mailing list page.
   
   See https://spark.apache.org/community.html and https://spark.apache.org/security.html





[GitHub] [pulsar-site] michaeljmarshall commented on pull request #21: Update reporting a vulnerability documentation

Posted by GitBox <gi...@apache.org>.
michaeljmarshall commented on pull request #21:
URL: https://github.com/apache/pulsar-site/pull/21#issuecomment-1068683673


   @Anonymitaet - I did not mean to suggest that we should follow their way blindly.
   
   In my view, we should make this contact information easy to find, even if it is slightly redundant. I shared the Apache Spark page because it shows the design I have in mind. 
   
   My main point is that the contact page should include information on how to report a vulnerability or it should link a user to that part of our website. Given that our "report a vulnerability" protocol is primarily "send an email to security@apache.org", I think it makes sense on the contact page where we have all relevant Pulsar email addresses.
   
   Besides the obvious benefit of helping security researchers know our protocol, this also ensures that users will notice that we have a well-defined security protocol in place.
   
   Note that in some of the examples you shared, the community and the contact pages were joined. I agree with you that it wouldn't make sense to have the information in two places if they shared a single webpage.
   
   What is your perspective? Thanks.





[GitHub] [pulsar-site] Anonymitaet commented on pull request #21: Update reporting a vulnerability documentation

Posted by GitBox <gi...@apache.org>.
Anonymitaet commented on pull request #21:
URL: https://github.com/apache/pulsar-site/pull/21#issuecomment-1068673490


   @michaeljmarshall thanks for your explanations, but we do not need to follow the "Spark way" 😄





[GitHub] [pulsar-site] Anonymitaet commented on pull request #21: Update reporting a vulnerability documentation

Posted by GitBox <gi...@apache.org>.
Anonymitaet commented on pull request #21:
URL: https://github.com/apache/pulsar-site/pull/21#issuecomment-1073646750


   @michaeljmarshall thanks for your explanations! That makes sense.
   To avoid duplication and add references, how about changing it as below?
   (add a row for security@apache.org in the Mailing Lists table)
   <img width="936" alt="image" src="https://user-images.githubusercontent.com/50226895/159229619-5724edcb-5171-4ad0-9b41-327387e95e83.png">
   





[GitHub] [pulsar-site] michaeljmarshall commented on pull request #21: Update reporting a vulnerability documentation

Posted by GitBox <gi...@apache.org>.
michaeljmarshall commented on pull request #21:
URL: https://github.com/apache/pulsar-site/pull/21#issuecomment-1077151027


   @Anonymitaet - that is a good solution. In looking at making the change, I noticed that I cannot update the table without also adding links for "subscribe", "unsubscribe", and "archives". Do you know of a way around that? Thanks!





[GitHub] [pulsar-site] Anonymitaet commented on pull request #21: Update reporting a vulnerability documentation

Posted by GitBox <gi...@apache.org>.
Anonymitaet commented on pull request #21:
URL: https://github.com/apache/pulsar-site/pull/21#issuecomment-1077286923


   > @Anonymitaet - that is a good solution. In looking at making the change, I noticed that I cannot update the table without also adding links for "subscribe", "unsubscribe", and "archives". Do you know of a way around that? Thanks!
   
   Sorry, I do not know. If that cannot fit into the table, consider adding a paragraph after the table?





[GitHub] [pulsar-site] Anonymitaet edited a comment on pull request #21: Update reporting a vulnerability documentation

Posted by GitBox <gi...@apache.org>.
Anonymitaet edited a comment on pull request #21:
URL: https://github.com/apache/pulsar-site/pull/21#issuecomment-1077286923


   > @Anonymitaet - that is a good solution. In looking at making the change, I noticed that I cannot update the table without also adding links for "subscribe", "unsubscribe", and "archives". Do you know of a way around that? Thanks!
   
   Sorry, I do not know. If that cannot fit into the table, consider adding a paragraph after the table?

