metron-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Owen O'Malley" <omal...@apache.org>
Subject Re: Apache Security Process
Date Thu, 02 Jun 2016 17:30:44 GMT
I'd also recommend that you create a security@metron.incubator.apache.org
for users to report any security issues they discover.

.. Owen

On Thu, Jun 2, 2016 at 10:28 AM, Casey Stella <cestella@gmail.com> wrote:

> Sorry, it's deleted now.  We will be more careful in the future.
>
> Thanks for the vigilance, Larry.
>
> Casey
>
> On Thu, Jun 2, 2016 at 1:24 PM, larry mccay <lmccay@apache.org> wrote:
>
> > All -
> >
> > Please become familiar with of the Apache process for reporting,
> > discussing, filing JIRAs and fixing security vulnerabilities [1].
> >
> > METRON-198 has exposed more than we should in a public manner and the
> > attached report should be removed.
> >
> > Details of any particular issues should only be discussed on a project's
> > security or private list and it needs to also include the security@a.o
> > list.
> >
> > Fixes need to be discussed and agreed upon on the private list and JIRAs
> > filed to commit the fix should be vague and as general as possible - so
> as
> > not to disclose the details of the vulnerabilities and inform the
> > development of exploits.
> >
> > Also, pay attention to the CVE related aspects of the process in the page
> > referenced below.
> >
> > thanks,
> >
> > --larry
> >
> > 1. http://www.apache.org/security/committers.html
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message