community-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Maturity Model / Security Requirements
Date Wed, 02 Aug 2017 18:34:52 GMT
On 02/08/17 17:48, Dave Fisher wrote:
> Hi,
> 
> I just now noticed while looking at a podling's maturity evaluation that
> the requirement Q030[1] has an issue. The podling stated that security
> issues are submitted to JIRA! The wording on the model needs to be
> updated so that it is clear that the reporting of a security issue must
> be by an secure channel.
> 
> I think that Q030 be updated to include the word “secure” between
> well-documented and channel:
> 
> The project provides a well-documented *_secure_* channel to report
> security issues, along with a documented way of responding to them
> 
> Any objections?

"secure, non-public" ?

Mark


> 
> Regards,
> Dave
> 
> [1]
> http://community.apache.org/apache-way/apache-project-maturity-model.html


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org


Mime
View raw message