Posted to general@incubator.apache.org by PJ Fanning <fa...@apache.org> on 2023/12/13 13:22:22 UTC

podling security issues

Hi everyone,

I'm wondering if podlings should include some details about their
security issues [1] in their 3 podling reports. We won't want to
release information about any security issues that are still under
investigation or where the fix is not yet released. I still think
there is little harm in podlings giving high level numbers and maybe
some indication of how quickly security issues are being dealt with.

I've seen evidence that some TLPs are unaware of the importance of
dealing quickly with security reports and I think the Incubator team
could help with ensuring that podlings are aware of the requirements.

I will certainly be having a close look at a podling's record of
handling security reports when it comes to discussions about
graduation.

I'm wondering if we could have some consensus on what is expected of podlings.

Regards,
PJ

[1] https://www.apache.org/security/

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Re: podling security issues

Posted by Craig Russell <ap...@gmail.com>.
Hi PJ,

I agree that there should be a section in podlings' reports that highlights <private/> security issues.

Regards,
Craig

> On Dec 13, 2023, at 05:22, PJ Fanning <fa...@apache.org> wrote:
> 
> [quoted original message omitted; it repeats the first post above verbatim]

Craig L Russell
clr@apache.org

