Posted to dev@commons.apache.org by sebb <se...@gmail.com> on 2023/03/28 11:40:15 UTC

[ALL] Queries related to inconsistent naming of security pages

Here are the security page sources I could find:

bcel/src/site/xdoc/security.xml
collections/src/site/xdoc/security-reports.xml
compress/src/site/xdoc/security.xml
configuration/src/site/xdoc/security.xml
crypto/src/site/xdoc/security.xml
email/src/site/xdoc/security-reports.xml
fileupload/src/site/xdoc/security-reports.xml
net/src/site/xdoc/security.xml
text/src/site/xdoc/security.xml

These are not consistent, which results in problems such as the broken
link for Compress on the page:
https://commons.apache.org/security.html

Does anyone know if there was a change in the convention for renaming these?
If so, which is correct?

It looks like the 'security.html' links are added to the site menu via
site.xml, but that does not appear to be the case for the
'security-reports.html' links.

Does anyone know how these get added?

Note, it would probably be a good idea to standardise on the placement
of the links in the menu.
Just after Downloads is probably as good a place as any.

Sebb

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org


Re: [ALL] Queries related to inconsistent naming of security pages

Posted by Gilles Sadowski <gi...@gmail.com>.
Hello.

On Tue, Mar 28, 2023 at 13:40, sebb <se...@gmail.com> wrote:
>
> Here are the security page sources I could find:
>
> bcel/src/site/xdoc/security.xml
> collections/src/site/xdoc/security-reports.xml
> compress/src/site/xdoc/security.xml
> configuration/src/site/xdoc/security.xml
> crypto/src/site/xdoc/security.xml
> email/src/site/xdoc/security-reports.xml
> fileupload/src/site/xdoc/security-reports.xml
> net/src/site/xdoc/security.xml
> text/src/site/xdoc/security.xml
>
> These are not consistent, which results in problems such as the broken
> link for Compress on the page:
> https://commons.apache.org/security.html
>
> Does anyone know if there was a change in the convention for renaming these?
> If so, which is correct?
>
> It looks like the 'security.html' links are added to the site menu via
> site.xml, but that does not appear to be the case for the
> 'security-reports.html' links.
>
> Does anyone know how these get added?
>
> Note, it would probably be a good idea to standardise on the placement
> of the links in the menu.
> Just after Downloads is probably as good a place as any.
>

How about having the list of vulnerabilities (that has to be
managed "manually" anyways) part of the common "Commons"
site?
A link on each component's "sub-site" could refer back to that
page but it should not be left to every component to design its
"own" security listing.

Note: On that page, there is this line
  Apache Commons BCEL Security Vulnerabilities
linking to
  https://commons.apache.org/proper/commons-bcel/security.html
that states
  For information about reporting or asking questions about security,
please see the security page of the Apache Commons project.
where "security page" links back to the common page.

IMHO, all security issues should have one line on a single page,
that line linking to a page with more details (such as links to CVE
reports, commits, blog posts, ...).

Regards,
Gilles



Re: [ALL] Queries related to inconsistent naming of security pages

Posted by Gary Gregory <ga...@gmail.com>.
I don't think there ever was an effort to standardize the file name or menu
placement, nor is there a way to enforce it; not unless you want to make
the parent pom work harder through some custom enforcer plugin rules (I am
guessing).

Gary

On Tue, Mar 28, 2023, 07:41 sebb <se...@gmail.com> wrote:

> Here are the security page sources I could find:
>
> bcel/src/site/xdoc/security.xml
> collections/src/site/xdoc/security-reports.xml
> compress/src/site/xdoc/security.xml
> configuration/src/site/xdoc/security.xml
> crypto/src/site/xdoc/security.xml
> email/src/site/xdoc/security-reports.xml
> fileupload/src/site/xdoc/security-reports.xml
> net/src/site/xdoc/security.xml
> text/src/site/xdoc/security.xml
>
> These are not consistent, which results in problems such as the broken
> link for Compress on the page:
> https://commons.apache.org/security.html
>
> Does anyone know if there was a change in the convention for renaming
> these?
> If so, which is correct?
>
> It looks like the 'security.html' links are added to the site menu via
> site.xml, but that does not appear to be the case for the
> 'security-reports.html' links.
>
> Does anyone know how these get added?
>
> Note, it would probably be a good idea to standardise on the placement
> of the links in the menu.
> Just after Downloads is probably as good a place as any.
>
> Sebb
>