Posted to commits@mina.apache.org by tw...@apache.org on 2022/10/29 15:13:24 UTC

[mina-sshd] branch master updated: [releng] Repository configuration for GitHub

This is an automated email from the ASF dual-hosted git repository.

twolf pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git


The following commit(s) were added to refs/heads/master by this push:
     new 5c1dfc5b5 [releng] Repository configuration for GitHub
5c1dfc5b5 is described below

commit 5c1dfc5b5d359cc7fdcadb4fd4ba4e6f4a36b874
Author: Thomas Wolf <tw...@apache.org>
AuthorDate: Sat Oct 22 12:26:22 2022 +0200

    [releng] Repository configuration for GitHub
    
    Per [1] the ASF JIRA requires manual account creation as of 2022-11-06.
    This manual workflow is not manageable for us and introduces a new and
    deterring barrier for new prospective issue reporters. Therefore enable
    issue management via GitHub issues.
    
    People with existing JIRA accounts may continue to use the ASF JIRA.
    
    Add a minimal ASF configuration[2] for the GitHub repository; tell in
    the README where to report issues. Also add the clear-text security
    e-mail in security.txt: it makes no sense to have our mailing lists in
    clear in the repo, but keep the security e-mail "hidden".
    
    [1] https://lists.apache.org/thread/jx9d7sp690ro660pjpttwtg209w3m39w
    [2] https://s.apache.org/asfyaml
---
 .asf.yaml    | 19 +++++++++++++++++++
 README.md    |  7 +++++++
 SECURITY.md  |  8 +++++---
 pom.xml      |  1 +
 security.txt |  6 +++---
 5 files changed, 35 insertions(+), 6 deletions(-)

diff --git a/.asf.yaml b/.asf.yaml
new file mode 100644
index 000000000..2fb34730c
--- /dev/null
+++ b/.asf.yaml
@@ -0,0 +1,19 @@
+# See https://cwiki.apache.org/confluence/display/INFRA/Git+-+.asf.yaml+features
+github:
+  description: "Apache MINA sshd is a comprehensive Java library for client- and server-side SSH."
+  homepage: https://mina.apache.org/sshd-project/
+  labels:
+    - ssh
+    - library
+    - java
+    - apache
+  features:
+    issues: true
+  dependabot_alerts:  true
+  dependabot_updates: true
+
+notifications:
+  commits:      commits@mina.apache.org
+  issues:       dev@mina.apache.org
+  pullrequests: dev@mina.apache.org
+  jira_options: link
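Review bot: `issues: true` under `features:` opens a public tracker and `issues: dev@mina.apache.org` forwards every new issue to the dev list, but nothing in this file steers a vulnerability report away from either. Consider pairing this with an issue template or a contact link that points reporters to SECURITY.md before they file. Separately, with `dependabot_updates: true` and `pullrequests: dev@mina.apache.org` every automated dependency pull request will also notify dev@; if that volume is unwanted, drop the updates and keep `dependabot_alerts: true`.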
diff --git a/README.md b/README.md
index c1a5614b9..a90170ff1 100644
--- a/README.md
+++ b/README.md
@@ -128,6 +128,13 @@ to other keys (e.g. ECDSA, ED25519) as soon as possible.
 
 # [Release notes](./CHANGES.md)
 
+# Issue reporting
+
+Bug reports and improvement or feature requests can be filed at the [GitHub issue tracker](https://github.com/apache/mina-sshd/issues)
+or at the [Apache issue tracker](https://issues.apache.org/jira/projects/SSHD).
+
+Sensitive issues such as security vulnerabilities must be reported through [private channels](./SECURITY.md), not via either issue tracker.
+
 # Core requirements
 
 * Java 8+ (as of version 1.3)
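Review bot: In the new "Issue reporting" section the sentence that starts "Sensitive issues such as security vulnerabilities must be reported through" comes after both tracker links, so a reporter who stops at the first link never sees it. Put the security sentence first, or give it emphasis, so the private channel is read before the public ones. As a style point, the "Bug reports and improvement or feature requests" line is much longer than the wrapped lines this same commit introduces in SECURITY.md.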
diff --git a/SECURITY.md b/SECURITY.md
index 6a6acf585..26d9ebaa1 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,5 +1,7 @@
 # Security
 
-If you suspect you have found a security vulnerability in [Apache MINA sshd](./README.md) code, please read the [ASF Security Policy](https://www.apache.org/security/)
-for how to report the issue. Please do not report the details publicly until the report is reviewed and a fixed version has been published.
-More details are in the description of the [ASF Security Vulnerability Process](https://www.apache.org/security/committers.html).
+If you suspect you have found a security vulnerability in [Apache MINA sshd](./README.md)
+code, please read the [Apache Software Foundation Security Policy](https://www.apache.org/security/)
+for how to report the issue. Please do _not_ report the details publicly until the report
+is reviewed and a fixed version has been published. More details are in the description
+of the [ASF Security Vulnerability Process](https://www.apache.org/security/committers.html).
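Review bot: The rewrapped paragraph still sends reporters only to the policy page, while the security.txt hunk of this commit adds `Contact: security@apache.org` in clear text. For consistency, and to spare the reporter a click-through, state the same address here as well. The switch from "ASF Security Policy" to "Apache Software Foundation Security Policy" in the first link leaves "ASF Security Vulnerability Process" abbreviated in the last line; expand both or neither.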
diff --git a/pom.xml b/pom.xml
index 065c64d6a..11e49dc47 100644
--- a/pom.xml
+++ b/pom.xml
@@ -713,6 +713,7 @@
                     <configuration>
                         <consoleOutput>true</consoleOutput>
                         <excludes>
+                            <exclude>.asf.yaml</exclude>
                             <exclude>*.md</exclude>
                             <exclude>docs/**</exclude>
                             <exclude>sshd-sources/**</exclude>
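Review bot: The added `<exclude>.asf.yaml</exclude>` exempts the new file from this check instead of making the file pass it. Which plugin this `<excludes>` list belongs to is outside the hunk context; if it is the license-header audit, note that `.asf.yaml` already starts with a comment line, so the header could be added there and the exclusion list kept as it was. If the exclusion stays, a short XML comment saying why the file is exempt would help the next reader.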
diff --git a/security.txt b/security.txt
index 9e4bc1ef9..796863599 100644
--- a/security.txt
+++ b/security.txt
@@ -1,14 +1,14 @@
 # RFC 9116 format specifications for security contacts for Apache MINA sshd
 
-# Contact e-mail is listed on this web page. It's "security" with the Apache domain.
-Contact: https://www.apache.org/security/
-
 # The ASF policy page on dealing with security vulnerabilities
 Policy: https://www.apache.org/security/
 
 # A more detailed description of the whole process
 Policy: https://www.apache.org/security/committers.html
 
+# Where to report sensitive issues
+Contact: security@apache.org
+
 # The canonical locations of this file
 Canonical: https://gitbox.apache.org/repos/asf?p=mina-sshd.git;a=blob_plain;f=security.txt;hb=HEAD
 Canonical: https://github.com/apache/mina-sshd/blob/master/security.txt
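Review bot: The new `Contact: security@apache.org` line is not a valid RFC 9116 Contact value: the field takes a URI, and an e-mail address has to be written with the scheme, `Contact: mailto:security@apache.org`. Parsers that follow the RFC can otherwise reject or skip the line, which defeats the purpose of listing the address in clear text. The hunk covers the whole 14-line file and shows no `Expires:` field, which RFC 9116 also requires, so the file header's claim of following the RFC format would need that added too.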