metron-dev mailing list archives

From Casey Stella <ceste...@gmail.com>
Subject Re: Apache Security Process
Date Thu, 02 Jun 2016 17:28:50 GMT
Sorry, it's deleted now.  We will be more careful in the future.

Thanks for the vigilance, Larry.

Casey

On Thu, Jun 2, 2016 at 1:24 PM, larry mccay <lmccay@apache.org> wrote:

> All -
>
> Please become familiar with the Apache process for reporting,
> discussing, filing JIRAs and fixing security vulnerabilities [1].
>
> METRON-198 has exposed more than we should in a public manner and the
> attached report should be removed.
>
> Details of any particular issues should only be discussed on a project's
> security or private list and it needs to also include the security@a.o
> list.
>
> Fixes need to be discussed and agreed upon on the private list and JIRAs
> filed to commit the fix should be vague and as general as possible - so as
> not to disclose the details of the vulnerabilities and inform the
> development of exploits.
>
> Also, pay attention to the CVE related aspects of the process in the page
> referenced below.
>
> thanks,
>
> --larry
>
> 1. http://www.apache.org/security/committers.html
>
