You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2022/01/21 22:07:00 UTC

[jira] [Updated] (NIFI-9619) Remove GPG key from Security Disclosure details

     [ https://issues.apache.org/jira/browse/NIFI-9619?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Handermann updated NIFI-9619:
-----------------------------------
    Status: Patch Available  (was: In Progress)

> Remove GPG key from Security Disclosure details
> -----------------------------------------------
>
>                 Key: NIFI-9619
>                 URL: https://issues.apache.org/jira/browse/NIFI-9619
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Documentation &amp; Website
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Trivial
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> The Security Vulnerability Disclosure instructions reference a GPG key fingerprint for security@nifi.apache.org as an option for reporting sensitive information. The public key associated with the fingerprint expired on 2021-03-23.  The difficulty of sharing a GPG private key with all members of the PMC outweighs the potential benefit of supporting this method of vulnerability reporting. For these reasons, the GPG key fingerprint should be removed from the Security Vulnerability Disclosure instructions.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)