metron-dev mailing list archives

From larry mccay <lmc...@apache.org>
Subject Apache Security Process
Date Thu, 02 Jun 2016 17:24:42 GMT
All -

Please become familiar with the Apache process for reporting,
discussing, filing JIRAs and fixing security vulnerabilities [1].

METRON-198 has exposed more than we should in a public manner and the
attached report should be removed.

Details of any particular issues should only be discussed on a project's
security or private list and it needs to also include the security@a.o
list.

Fixes need to be discussed and agreed upon on the private list and JIRAs
filed to commit the fix should be vague and as general as possible - so as
not to disclose the details of the vulnerabilities and inform the
development of exploits.

Also, pay attention to the CVE related aspects of the process in the page
referenced below.

thanks,

--larry

1. http://www.apache.org/security/committers.html
