You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by ex...@apache.org on 2022/01/21 22:15:37 UTC
[nifi] branch main updated: NIFI-9619 Removed GPG key from Security Mailing List reporting
This is an automated email from the ASF dual-hosted git repository.
exceptionfactory pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 3d05844 NIFI-9619 Removed GPG key from Security Mailing List reporting
3d05844 is described below
commit 3d05844b713142851584d4990da2828c81cc1cfa
Author: exceptionfactory <ex...@apache.org>
AuthorDate: Fri Jan 21 16:01:10 2022 -0600
NIFI-9619 Removed GPG key from Security Mailing List reporting
This closes #5702
Signed-off-by: David Handermann <ex...@apache.org>
---
SECURITY.md | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/SECURITY.md b/SECURITY.md
index e52e617..0c7209b 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -39,10 +39,10 @@ While researching, we'd like to ask you to refrain from:
## Reporting Methods
-NiFi accepts reports in multiple ways:
-
-* Send an email to [security@nifi.apache.org](mailto:security@nifi.apache.org). This is a private list monitored by the [PMC](https://nifi.apache.org/people.html). For sensitive disclosures, the GPG key fingerprint is *1230 3BB8 1F22 E11C 8725 926A AFF2 B368 23B9 44E9*.
-* NiFi has a [HackerOne](https://hackerone.com/apache_nifi) project page. HackerOne provides a triaged process for researchers and organizations to collaboratively report and resolve security vulnerabilities.
+* NiFi Security Mailing List: [security@nifi.apache.org](mailto:security@nifi.apache.org)
+ * Members of the [Project Management Committee](https://nifi.apache.org/people.html) monitor this private mailing list and respond to disclosures
+* NiFi [HackerOne](https://hackerone.com/apache_nifi) project page
+ * HackerOne provides a triaged process for researchers and organizations to collaboratively report and resolve security vulnerabilities
## Publishing