Posted to commits@mina.apache.org by tw...@apache.org on 2022/10/29 15:13:24 UTC
[mina-sshd] branch master updated: [releng] Repository configuration for GitHub
This is an automated email from the ASF dual-hosted git repository.
twolf pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
The following commit(s) were added to refs/heads/master by this push:
new 5c1dfc5b5 [releng] Repository configuration for GitHub
5c1dfc5b5 is described below
commit 5c1dfc5b5d359cc7fdcadb4fd4ba4e6f4a36b874
Author: Thomas Wolf <tw...@apache.org>
AuthorDate: Sat Oct 22 12:26:22 2022 +0200
[releng] Repository configuration for GitHub
Per [1] the ASF JIRA requires manual account creation as of 2022-11-06.
This manual workflow is not manageable for us and introduces a new and
deterring barrier for new prospective issue reporters. Therefore enable
issue management via GitHub issues.
People with existing JIRA accounts may continue to use the ASF JIRA.
Add a minimal ASF configuration[2] for the GitHub repository; tell in
the README where to report issues. Also add the clear-text security
e-mail in security.txt: it makes no sense to have our mailing lists in
clear in the repo, but keep the security e-mail "hidden".
[1] https://lists.apache.org/thread/jx9d7sp690ro660pjpttwtg209w3m39w
[2] https://s.apache.org/asfyaml
---
.asf.yaml | 19 +++++++++++++++++++
README.md | 7 +++++++
SECURITY.md | 8 +++++---
pom.xml | 1 +
security.txt | 6 +++---
5 files changed, 35 insertions(+), 6 deletions(-)
diff --git a/.asf.yaml b/.asf.yaml
new file mode 100644
index 000000000..2fb34730c
--- /dev/null
+++ b/.asf.yaml
@@ -0,0 +1,19 @@
+# See https://cwiki.apache.org/confluence/display/INFRA/Git+-+.asf.yaml+features
+github:
+ description: "Apache MINA sshd is a comprehensive Java library for client- and server-side SSH."
+ homepage: https://mina.apache.org/sshd-project/
+ labels:
+ - ssh
+ - library
+ - java
+ - apache
+ features:
+ issues: true
+ dependabot_alerts: true
+ dependabot_updates: true
+
+notifications:
+ commits: commits@mina.apache.org
+ issues: dev@mina.apache.org
+ pullrequests: dev@mina.apache.org
+ jira_options: link
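Review bot: in the `notifications:` block, `issues:` and `pullrequests:` both point at dev@mina.apache.org, and the `features:` block above turns on `dependabot_updates: true`, so every automated dependency PR will also be mailed to the dev list. If that traffic is not wanted there, route `pullrequests:` (or at least the bot traffic) to a notification address such as the one used for `commits:`. A short comment next to `jira_options: link` saying that JIRA keys mentioned in PRs and issues get linked back to the ASF JIRA would also help readers who have not read the .asf.yaml documentation.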
diff --git a/README.md b/README.md
index c1a5614b9..a90170ff1 100644
--- a/README.md
+++ b/README.md
@@ -128,6 +128,13 @@ to other keys (e.g. ECDSA, ED25519) as soon as possible.
# [Release notes](./CHANGES.md)
+# Issue reporting
+
+Bug reports and improvement or feature requests can be filed at the [GitHub issue tracker](https://github.com/apache/mina-sshd/issues)
+or at the [Apache issue tracker](https://issues.apache.org/jira/projects/SSHD).
+
+Sensitive issues such as security vulnerabilities must be reported through [private channels](./SECURITY.md), not via either issue tracker.
+
# Core requirements
* Java 8+ (as of version 1.3)
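Review bot: in the new "Issue reporting" section, the sentence about sensitive issues comes after the two tracker links, so a reader who stops at the first link never sees it. Since this commit opens a second public tracker, consider moving "Sensitive issues such as security vulnerabilities must be reported through [private channels](./SECURITY.md)" to the top of the section, before the GitHub and JIRA links.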
diff --git a/SECURITY.md b/SECURITY.md
index 6a6acf585..26d9ebaa1 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,5 +1,7 @@
# Security
-If you suspect you have found a security vulnerability in [Apache MINA sshd](./README.md) code, please read the [ASF Security Policy](https://www.apache.org/security/)
-for how to report the issue. Please do not report the details publicly until the report is reviewed and a fixed version has been published.
-More details are in the description of the [ASF Security Vulnerability Process](https://www.apache.org/security/committers.html).
+If you suspect you have found a security vulnerability in [Apache MINA sshd](./README.md)
+code, please read the [Apache Software Foundation Security Policy](https://www.apache.org/security/)
+for how to report the issue. Please do _not_ report the details publicly until the report
+is reviewed and a fixed version has been published. More details are in the description
+of the [ASF Security Vulnerability Process](https://www.apache.org/security/committers.html).
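Review bot: the rewrapped paragraph still sends the reporter to the ASF policy page to find out where to write, while the security.txt change in this same commit puts security@apache.org in clear text and the commit message argues there is no point in hiding it. For consistency, name the address directly in this paragraph as well, so that the README's "private channels" link leads to a page that states the contact.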
diff --git a/pom.xml b/pom.xml
index 065c64d6a..11e49dc47 100644
--- a/pom.xml
+++ b/pom.xml
@@ -713,6 +713,7 @@
<configuration>
<consoleOutput>true</consoleOutput>
<excludes>
+ <exclude>.asf.yaml</exclude>
<exclude>*.md</exclude>
<exclude>docs/**</exclude>
<exclude>sshd-sources/**</exclude>
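Review bot: the added `<exclude>.asf.yaml</exclude>` entry carries no hint of why the file is exempt from this check. If the check is about license headers, .asf.yaml already starts with a `#` comment line and could carry the header itself, which would avoid growing the exclude list; otherwise a one-line XML comment above the entry would document the reason.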
diff --git a/security.txt b/security.txt
index 9e4bc1ef9..796863599 100644
--- a/security.txt
+++ b/security.txt
@@ -1,14 +1,14 @@
# RFC 9116 format specifications for security contacts for Apache MINA sshd
-# Contact e-mail is listed on this web page. It's "security" with the Apache domain.
-Contact: https://www.apache.org/security/
-
# The ASF policy page on dealing with security vulnerabilities
Policy: https://www.apache.org/security/
# A more detailed description of the whole process
Policy: https://www.apache.org/security/committers.html
+# Where to report sensitive issues
+Contact: security@apache.org
+
# The canonical locations of this file
Canonical: https://gitbox.apache.org/repos/asf?p=mina-sshd.git;a=blob_plain;f=security.txt;hb=HEAD
Canonical: https://github.com/apache/mina-sshd/blob/master/security.txt
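Review bot: the new `Contact: security@apache.org` line is not a valid RFC 9116 value, because the Contact field must be a URI and an e-mail address therefore needs the `mailto:` scheme. Suggest `Contact: mailto:security@apache.org`, so that parsers following the format named in the file's first comment line accept it.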