Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/08/10 19:04:20 UTC

[GitHub] [pulsar] lhotari commented on a diff in pull request #17039: [docs] Clarify security vulnerability process and reporting

lhotari commented on code in PR #17039:
URL: https://github.com/apache/pulsar/pull/17039#discussion_r942803907


##########
SECURITY.md:
##########
@@ -1,3 +1,13 @@
 # Security Policy
 
-The security policy and supported versions are outlined on the Pulsar website here: https://pulsar.apache.org/docs/security-policy-and-supported-versions/.
+## Security Vulnerability Process
+
+The Pulsar community follows the ASF [security vulnerability handling process](https://apache.org/security/#vulnerability-handling).
+
+To report a new vulnerability you have discovered, please follow the [ASF security vulnerability reporting process](https://apache.org/security/#reporting-a-vulnerability). To report a vulnerability for Pulsar, contact the [Apache Security Team](https://www.apache.org/security/). When reporting a vulnerability to [security@apache.org](mailto:security@apache.org), you can copy your email to [private@pulsar.apache.org](mailto:private@pulsar.apache.org) to send your report to the Apache Pulsar Project Management Committee. This is a private mailing list.
+
+It is the responsibility of the security vulnerability handling project team (Apache Pulsar PMC in most cases) to make public security vulnerability announcements. You can follow announcements on the [users@pulsar.apache.org](mailto:users@pulsar.apache.org) mailing list. For instructions on how to subscribe, please see https://pulsar.apache.org/contact/.
+
+## Security Policy details and supported versions of Apache Pulsar
+
+The security policy and supported versions are outlined on the Pulsar website under [Security > Security Policy and Supported Versions](https://pulsar.apache.org/docs/security-policy-and-supported-versions/).
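
Review bot: The reporting paragraph under "Security Vulnerability Process" gives three overlapping instructions in a row (follow the ASF reporting process, contact the Apache Security Team, e-mail security@apache.org with a copy to private@pulsar.apache.org), so a reporter cannot tell which address is the primary contact. Consider collapsing it into one instruction that names security@apache.org as the address to report to and private@pulsar.apache.org as the optional copy, and stating in the same sentence that both are private so the report should not be filed as a public issue. As a smaller style point, the subscribe instructions in the next paragraph use a bare URL ("please see https://pulsar.apache.org/contact/") while every other link in the added text is a Markdown link; making it one keeps the file consistent.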

Review Comment:
   This link is in the SECURITY.md file which is rendered in GitHub at https://github.com/apache/pulsar/security/policy



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.