commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Bodewig <>
Subject Top Level Security Page
Date Sun, 31 Aug 2014 09:00:45 GMT
Hi all

I was just browsing the security pages of some ASF projects and the
guidelines set by our security team[1] (preparing a talk, not because
there was any issue) and realized Commons didn't have a page describing
how to report security issues.

Since I'm the one who created the page for Compress[2] by mostly copying
the Tomcat page in 2012 I know at least one component has such a page.
FileUpload which fixed a security issue with the 1.3.1 doesn't have a
page of its own.

I'd like to create a top level page for Commons about reporting security
issues.  Basically I'd take the "Reporting New Security Problems" and
"Errors and Ommissions" sections from Compress' page and add a section
linking to component specific subpages as they exist.  I'd like to see
this page linked in either the "Commons" or "General Information"
section of the navigation (which probably means doing something with
parent, I'll need to sort this out).





To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message