Skip to content

[docs] Clarify security vulnerability process and reporting #17039

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
codelipenghui merged 2 commits into from
Aug 11, 2022
Merged

[docs] Clarify security vulnerability process and reporting #17039

codelipenghui merged 2 commits into from
Aug 11, 2022

Conversation

@lhotari
Copy link
Member

@lhotari lhotari commented Aug 10, 2022
edited
Loading

Motivation

Modification

  • Clarify the security vulnerability process and reporting
  • Add information also to SECURITY.md so that the information is available also in cases when pulsar.apache.org isn't reachable or the reader doesn't click on links to read the relevant information. It's better to duplicate information about the vulnerability handling process in SECURITY.md.

@lhotari lhotari added the doc Your PR contains doc changes, no matter whether the changes are in markdown or code files. label Aug 10, 2022
@lhotari lhotari self-assigned this Aug 10, 2022
@lhotari lhotari mentioned this pull request Aug 10, 2022
Merged
1 task
@lhotari
[docs] Clarify security vulnerability process and reporting
7056485 
- the previous description wasn't very clear and could cause confusion
@lhotari lhotari force-pushed the lh-clarify-security-vulnerability-reporting branch from 09f55d9 to 7056485 Compare August 10, 2022 09:06
@lhotari
Copy link
Member Author

lhotari commented Aug 10, 2022
edited
Loading

related to #14610 and #16962 (fix for #16919 which was caused by #14610 changes)

@lhotari
Copy link
Member Author

lhotari commented Aug 10, 2022

@tisonkun @Anonymitaet @dave2wave @michaeljmarshall please review

tisonkun
tisonkun approved these changes Aug 10, 2022
View reviewed changes
Copy link
Member

@tisonkun tisonkun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

michaeljmarshall
michaeljmarshall approved these changes Aug 10, 2022
View reviewed changes
Copy link
Member

@michaeljmarshall michaeljmarshall left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I agree with these changes, and I think it makes sense to have some of the information duplicated across the SECURITY.md and the website. I also think we should make the security page easier to find and that we don't need to include it in the versioned docs.

dave2wave
dave2wave requested changes Aug 10, 2022
View reviewed changes
@dave2wave
Copy link
Member

dave2wave commented Aug 10, 2022

I'm bothered that we have versioned docs about security policies and supported versions. It makes no sense. I would suggest a further PR removes all of these and instead in the versioned menus refers to the common and most current version.

@lhotari lhotari mentioned this pull request Aug 10, 2022
Closed
2 tasks
@lhotari
Copy link
Member Author

lhotari commented Aug 10, 2022

I'm bothered that we have versioned docs about security policies and supported versions. It makes no sense. I would suggest a further PR removes all of these and instead in the versioned menus refers to the common and most current version.

@dave2wave Yes, that's a problem. I created #17052 to track it.

@lhotari lhotari requested a review from dave2wave August 10, 2022 19:11
@sijie sijie mentioned this pull request Aug 11, 2022
Open
2 tasks
@codelipenghui codelipenghui merged commit 96d4bbb into apache:master Aug 11, 2022
coderzc pushed a commit to coderzc/pulsar that referenced this pull request Aug 13, 2022
@lhotari @coderzc
[docs] Clarify security vulnerability process and reporting (apache#1…
ec0e8ce 
…7039)
Technoboy- pushed a commit to merlimat/pulsar that referenced this pull request Aug 16, 2022
@lhotari @Technoboy-
[docs] Clarify security vulnerability process and reporting (apache#1…
60597b6 
…7039)
momo-jun added a commit to momo-jun/pulsar that referenced this pull request Aug 17, 2022
@momo-jun
Sync recent changes from apache#17030, apache#17039, apache#16315, and
224ccfb 
…apache#17057
@momo-jun momo-jun mentioned this pull request Aug 17, 2022
Merged
1 task
@tisonkun tisonkun mentioned this pull request Aug 18, 2022
Closed
@michaeljmarshall michaeljmarshall linked an issue Aug 18, 2022 that may be closed by this pull request
[Security] [Doc] no advice on how to report vulnerabilities #16919
Closed
momo-jun added a commit that referenced this pull request Sep 7, 2022
@momo-jun
[fix][doc] Sync recent changes on versioned docs (#17130)
284001a 
* Sync recent changes from #17030, #17039, #16315, and #17057

* fix #17119

* minor updates

* add link of release notes to navigation

* fix

* update release process as per PIP-190

* minor fix

* minor fix

* Update release-process.md
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tisonkun tisonkun tisonkun approved these changes

@dave2wave dave2wave dave2wave approved these changes

@michaeljmarshall michaeljmarshall michaeljmarshall approved these changes

@eolivelli eolivelli Awaiting requested review from eolivelli

@codelipenghui codelipenghui Awaiting requested review from codelipenghui

@Anonymitaet Anonymitaet Awaiting requested review from Anonymitaet

@urfreespace urfreespace Awaiting requested review from urfreespace

Assignees

@lhotari lhotari

Labels

doc Your PR contains doc changes, no matter whether the changes are in markdown or code files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Security] [Doc] no advice on how to report vulnerabilities

5 participants

@lhotari @dave2wave @tisonkun @michaeljmarshall @codelipenghui