community-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Fisher <dave2w...@comcast.net>
Subject Maturity Model / Security Requirements
Date Wed, 02 Aug 2017 16:48:17 GMT
Hi,

I just now noticed while looking at a podling's maturity evaluation that the requirement Q030[1]
has an issue. The podling stated that security issues are submitted to JIRA! The wording on
the model needs to be updated so that it is clear that the reporting of a security issue must
be by an secure channel.

I think that Q030 be updated to include the word “secure” between well-documented and
channel:

The project provides a well-documented secure channel to report security issues, along with
a documented way of responding to them

Any objections?

Regards,
Dave

[1] http://community.apache.org/apache-way/apache-project-maturity-model.html

Mime
View raw message