Posted to notifications@accumulo.apache.org by "EdColeman (via GitHub)" <gi...@apache.org> on 2023/02/01 23:07:09 UTC

[GitHub] [accumulo-website] EdColeman commented on a diff in pull request #372: Add CVE reporting to contact page. Addresses Jira ACCUMULO-3277

EdColeman commented on code in PR #372:
URL: https://github.com/apache/accumulo-website/pull/372#discussion_r1093828853


##########
pages/contact-us.md:
##########
@@ -12,6 +12,25 @@ Below are ways to get in touch with the Apache Accumulo community.
 
 Accumulo uses GitHub issues to track bugs and new features. Visit [How to contribute](/how-to-contribute) for more information.
 
+## Security Issues (CVE)
+
+We strongly encourage reporting potential security issues by privately emailing `private@accumulo.apache.org` or 
+`security@apache.org`
+
+Do not make information about the vulnerability public until it is formally announced by the Accumulo community. 
+That means, for example, that you should not create a public GitHub issue, since those would make the issue public. 
+GitHub pull requests and any messages associated with any commits should not make any reference to the security nature 
+of the commit.
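
Review bot: The sentence in the first added paragraph that offers `private@accumulo.apache.org` or `security@apache.org` ends without a period and does not say which of the two addresses a reporter should prefer, so a reader cannot tell whether one is enough or both are expected; suggest stating the preferred address and ending the sentence properly. In the second paragraph, "since those would make the issue public" is circular and "those" does not agree with "a public GitHub issue"; something like "since that would disclose the vulnerability" reads more clearly. The paragraph also tells contributors to keep pull requests and commit messages free of any reference to the security nature of a change, but gives no hint of where that discussion should happen instead; a short pointer back to the private address would close that gap. Several added lines carry trailing whitespace.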

Review Comment:
   I added a do-not list - I wanted to keep the general process because that mirrors the text from ASF security with Accumulo substituted where appropriate. I did not want to stray too far from the standard process to show that we are following the ASF policies and eliminate any confusion or conflict.


