Posted to issues@calcite.apache.org by "Julian Hyde (JIRA)" <ji...@apache.org> on 2016/08/24 01:55:21 UTC
[jira] [Commented] (CALCITE-1359) Document how users can log security issues against Calcite and Avatica
[ https://issues.apache.org/jira/browse/CALCITE-1359?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15434054#comment-15434054 ]
Julian Hyde commented on CALCITE-1359:
--------------------------------------
I did a quick survey, and it seems that [most projects do not have a security team|http://www.apache.org/security/projects.html], which means that vulnerabilities should be reported to security@apache.org. Of the projects that do, Kafka seems a good model to follow; [its security page|http://kafka.apache.org/project-security.html] is simple and clear.
> Document how users can log security issues against Calcite and Avatica
> ----------------------------------------------------------------------
>
> Key: CALCITE-1359
> URL: https://issues.apache.org/jira/browse/CALCITE-1359
> Project: Calcite
> Issue Type: Bug
> Reporter: Julian Hyde
> Assignee: Julian Hyde
>
> Apache requires that projects document how to log security issues. Neither Calcite nor Avatica has that currently.
> Dev list and JIRA do not seem appropriate since they are public. Is the private list suitable? I don't want to create a new list, since the volume of security issues is very small.