
@tisonkun
Member

@tisonkun tisonkun commented Aug 5, 2022

Fixes #16919

  • doc

Signed-off-by: tison <wander4096@gmail.com>
@tisonkun tisonkun marked this pull request as ready for review August 5, 2022 23:28
@github-actions github-actions bot added the doc Your PR contains doc changes, no matter whether the changes are in markdown or code files. label Aug 5, 2022
@tisonkun
Member Author

tisonkun commented Aug 5, 2022

cc @hpvd @sijie @merlimat @eolivelli

@tisonkun tisonkun requested a review from Anonymitaet August 8, 2022 13:14
@Anonymitaet Anonymitaet merged commit b1ad198 into apache:master Aug 9, 2022
@tisonkun tisonkun deleted the security-policy branch August 9, 2022 03:25
@lhotari
Member

lhotari commented Aug 9, 2022

I hope that the information about the vulnerability handling process could also be added to SECURITY.md. Duplication of information is justified in this case. Hiding relevant information behind yet another click could result in information being missed.

I'd suggest that we also add these sentences to SECURITY.md:

The Pulsar community follows the ASF vulnerability handling process.

To report a new vulnerability you have discovered please follow the ASF vulnerability reporting process.

@lhotari
Member

lhotari commented Aug 9, 2022

Oh, I see that @tisonkun already suggested inlining the information in #16919 (comment).

@tisonkun
Member Author

tisonkun commented Aug 9, 2022

@lhotari I'm OK to duplicate the information but the current state is acceptable for me and I think it resolves the original issue.

If you'd like to duplicate the information, you can submit a patch :)

@lhotari
Member

lhotari commented Aug 10, 2022

@lhotari I'm OK to duplicate the information but the current state is acceptable for me and I think it resolves the original issue.

If you'd like to duplicate the information, you can submit a patch :)

@tisonkun I made #17039 as a follow-up

Technoboy- pushed a commit to merlimat/pulsar that referenced this pull request Aug 16, 2022

Development

Successfully merging this pull request may close these issues.

[Security] [Doc] no advice on how to report vulnerabilities
