You are viewing a plain text version of this content. The canonical link for it is here.

Posted to gitbox@activemq.apache.org by GitBox <gi...@apache.org> on 2022/02/15 04:35:32 UTC

[GitHub] [activemq] coheigea opened a new pull request #767: Adding SECURITY.md for ActiveMQ

coheigea opened a new pull request #767:
URL: https://github.com/apache/activemq/pull/767


   It's good security practice to add a SECURITY.md to a github repo, containing details of supported versions, where to find CVEs and how to report new issues.
   
   Feel free to modify as required.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscribe@activemq.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [activemq] gemmellr commented on a change in pull request #767: Adding SECURITY.md for ActiveMQ

Posted by GitBox <gi...@apache.org>.

gemmellr commented on a change in pull request #767:
URL: https://github.com/apache/activemq/pull/767#discussion_r806472758



##########
File path: SECURITY.md
##########
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.16.x   | :white_check_mark: |
+| 5.15.x   | :white_check_mark: |
+| < 5.15.x | :x:                |

Review comment:
       This seems to be in disagreement with what has been discussed and agreed long-ago, and so feels potentially misleading at this point. Certainly worthy of discussion before merging a 'policy' PR after 4 minutes at a time most folks arent around and likely just before announcing a new release that seems to disagree with it.
   
   5.15.15 was discussed, agreed, and finally announced to be the last 5.15.x release over 9 months ago. 5.16.3 occurred 3 months later and contained various dep updates with security fixes, 5.16.4 is about to occur over 9 months later doing the same again, with no equivalent 5.15.x update release being made or ever mentioned in a discussion.

##########
File path: SECURITY.md
##########
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.16.x   | :white_check_mark: |
+| 5.15.x   | :white_check_mark: |
+| < 5.15.x | :x:                |

Review comment:
       Ok great. I think it is also past time it was removed from the website too, so perhaps while adding 5.16.4?

##########
File path: SECURITY.md
##########
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.16.x   | :white_check_mark: |
+| 5.15.x   | :white_check_mark: |
+| < 5.15.x | :x:                |

Review comment:
       Ok great. I think it is also past time it was removed from the website (and dist repo) too, so perhaps while adding 5.16.4?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscribe@activemq.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [activemq] jbonofre commented on a change in pull request #767: Adding SECURITY.md for ActiveMQ

Posted by GitBox <gi...@apache.org>.

jbonofre commented on a change in pull request #767:
URL: https://github.com/apache/activemq/pull/767#discussion_r806485674



##########
File path: SECURITY.md
##########
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.16.x   | :white_check_mark: |
+| 5.15.x   | :white_check_mark: |
+| < 5.15.x | :x:                |

Review comment:
       @gemmellr I will change 5.15.x. I just missed it. Nothing changed to what have been discussed on the mailing list already.

##########
File path: SECURITY.md
##########
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.16.x   | :white_check_mark: |
+| 5.15.x   | :white_check_mark: |
+| < 5.15.x | :x:                |

Review comment:
       Good idea, I will do that on website as part of the 5.16.4 update.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscribe@activemq.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [activemq] gemmellr commented on a change in pull request #767: Adding SECURITY.md for ActiveMQ

Posted by GitBox <gi...@apache.org>.

gemmellr commented on a change in pull request #767:
URL: https://github.com/apache/activemq/pull/767#discussion_r806472758



##########
File path: SECURITY.md
##########
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.16.x   | :white_check_mark: |
+| 5.15.x   | :white_check_mark: |
+| < 5.15.x | :x:                |

Review comment:
       This seems to be in disagreement with what has been discussed and agreed long-ago, and so feels potentially misleading at this point. Certainly worthy of discussion before merging a 'policy' PR after 4 minutes at a time most folks arent around and likely just before announcing a new release that seems to disagree with it.
   
   5.15.15 was discussed, agreed, and finally announced to be the last 5.15.x release over 9 months ago. 5.16.3 occurred 3 months later and contained various dep updates with security fixes, 5.16.4 is about to occur over 9 months later doing the same again, with no equivalent 5.15.x update release being made or ever mentioned in a discussion.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscribe@activemq.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [activemq] jbonofre merged pull request #767: Adding SECURITY.md for ActiveMQ

Posted by GitBox <gi...@apache.org>.

jbonofre merged pull request #767:
URL: https://github.com/apache/activemq/pull/767


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscribe@activemq.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [activemq] gemmellr commented on a change in pull request #767: Adding SECURITY.md for ActiveMQ

Posted by GitBox <gi...@apache.org>.

gemmellr commented on a change in pull request #767:
URL: https://github.com/apache/activemq/pull/767#discussion_r806486866



##########
File path: SECURITY.md
##########
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.16.x   | :white_check_mark: |
+| 5.15.x   | :white_check_mark: |
+| < 5.15.x | :x:                |

Review comment:
       Ok great. I think it is also past time it was removed from the website too, so perhaps while adding 5.16.4?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscribe@activemq.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [activemq] jbonofre commented on a change in pull request #767: Adding SECURITY.md for ActiveMQ

Posted by GitBox <gi...@apache.org>.

jbonofre commented on a change in pull request #767:
URL: https://github.com/apache/activemq/pull/767#discussion_r806485674



##########
File path: SECURITY.md
##########
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.16.x   | :white_check_mark: |
+| 5.15.x   | :white_check_mark: |
+| < 5.15.x | :x:                |

Review comment:
       @gemmellr I will change 5.15.x. I just missed it. Nothing changed to what have been discussed on the mailing list already.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscribe@activemq.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [activemq] jbonofre commented on a change in pull request #767: Adding SECURITY.md for ActiveMQ

Posted by GitBox <gi...@apache.org>.

jbonofre commented on a change in pull request #767:
URL: https://github.com/apache/activemq/pull/767#discussion_r806487865



##########
File path: SECURITY.md
##########
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.16.x   | :white_check_mark: |
+| 5.15.x   | :white_check_mark: |
+| < 5.15.x | :x:                |

Review comment:
       Good idea, I will do that on website as part of the 5.16.4 update.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscribe@activemq.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [activemq] jbonofre merged pull request #767: Adding SECURITY.md for ActiveMQ

Posted by GitBox <gi...@apache.org>.

jbonofre merged pull request #767:
URL: https://github.com/apache/activemq/pull/767


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscribe@activemq.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [activemq] gemmellr commented on a change in pull request #767: Adding SECURITY.md for ActiveMQ

Posted by GitBox <gi...@apache.org>.

gemmellr commented on a change in pull request #767:
URL: https://github.com/apache/activemq/pull/767#discussion_r806486866



##########
File path: SECURITY.md
##########
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.16.x   | :white_check_mark: |
+| 5.15.x   | :white_check_mark: |
+| < 5.15.x | :x:                |

Review comment:
       Ok great. I think it is also past time it was removed from the website (and dist repo) too, so perhaps while adding 5.16.4?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscribe@activemq.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org