You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pekko.apache.org by fa...@apache.org on 2023/01/18 15:22:11 UTC
[incubator-pekko] branch main updated: update security docs (#114)

This is an automated email from the ASF dual-hosted git repository.

fanningpj pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-pekko.git


The following commit(s) were added to refs/heads/main by this push:
     new ec68a5280b update security docs (#114)
ec68a5280b is described below

commit ec68a5280ba7305e8c33f0fba6d2922cec81a97d
Author: PJ Fanning <pj...@users.noreply.github.com>
AuthorDate: Wed Jan 18 16:22:05 2023 +0100

    update security docs (#114)
---
 docs/src/main/paradox/security/index.md | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/docs/src/main/paradox/security/index.md b/docs/src/main/paradox/security/index.md
index f4a20b6cd4..cd919f06be 100644
--- a/docs/src/main/paradox/security/index.md
+++ b/docs/src/main/paradox/security/index.md
@@ -2,19 +2,20 @@
 
 ## Receiving Security Advisories
 
-The best way to receive any and all security announcements is to subscribe to the [Pekko security list](https://groups.google.com/forum/#!forum/akka-security).
+The best way to receive any and all security announcements is to subscribe to the [Apache Announce Mailing List](https://lists.apache.org/list.html?announce@apache.org).
 
-The mailing list is very low traffic, and receives notifications only after security reports have been managed by the core team and fixes are publicly available.
+This mailing list has a reasonable level of traffic, and receives notifications only after security reports have been managed by the core Apache teams and fixes are publicly available.
+
+This mailing list also has announcements of releases for Apache projects.
 
 ## Reporting Vulnerabilities
 
 We strongly encourage people to report such problems to our private security mailing list first, before disclosing them in a public forum.
 
-Following best practice, we strongly encourage anyone to report potential security 
-vulnerabilities to [security@pekko.io](mailto:security@pekko.io) before disclosing them in a public forum like the mailing list or as a GitHub issue.
+Please follow the [guidelines](https://www.apache.org/security/) laid down by the Apache Security team.
 
-Reports to this email address will be handled by our security team, who will work together with you
-to ensure that a fix can be provided without delay.
+Ideally, any issues affecting Apache Pekko and Akka should be reported to Apache team first. We will share the
+report with the Lightbend Akka team.
 
 ## Security Related Documentation
 


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pekko.apache.org
For additional commands, e-mail: commits-help@pekko.apache.org