You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@yunikorn.apache.org by wi...@apache.org on 2022/01/14 06:24:48 UTC
[incubator-yunikorn-site] branch master updated: [YUNIKORN-1020] Update security issue report guidelines. (#107)
This is an automated email from the ASF dual-hosted git repository.
wilfreds pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-yunikorn-site.git
The following commit(s) were added to refs/heads/master by this push:
new ba6c957 [YUNIKORN-1020] Update security issue report guidelines. (#107)
ba6c957 is described below
commit ba6c957fad6337975c865a67d2ea589754f4e50f
Author: Weiwei Yang <ww...@apache.org>
AuthorDate: Thu Jan 13 22:20:36 2022 -0800
[YUNIKORN-1020] Update security issue report guidelines. (#107)
---
src/pages/community/how_to_contribute.md | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/pages/community/how_to_contribute.md b/src/pages/community/how_to_contribute.md
index fd7ea9e..b0a0809 100644
--- a/src/pages/community/how_to_contribute.md
+++ b/src/pages/community/how_to_contribute.md
@@ -98,9 +98,11 @@ The JIRA will not be closed automatically.
## Report a security issue
YuniKorn community cares deeply about the security and actively addresses any security issues as
-the top priority. The community uses its private mailing list (private@yunikorn.apache.org) to discuss
-and track security related issues. If any security issue found, please email the private
-mailing list. The community will evaluate the severity immediately and provide a plan accordingly.
+the top priority. We follow the Apache security guidelines for handling security issues, please see the Apache doc
+about [handling security issues](https://www.apache.org/security/). If you find any security issue,
+please send a vulnerability report to security@apache.org, the YuniKorn security team will assess the issue
+immediately and work with the reporter on a plan to fix it. Please do not disclose the issue to any public forum
+before working with the security team.
## Still got questions?
If you’re not sure about something, try to follow the style of the existing codebase.