flink-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Metzger <rmetz...@apache.org>
Subject Re: Flink Release Security Workflow
Date Fri, 20 Mar 2020 16:07:09 GMT
Hey Mark,
thanks a lot for reaching out. There is no dedicated security workflow for
a Flink release.
This is the guide for creating a Flink release (for Flink committers, not
for just building Flink locally):
https://cwiki.apache.org/confluence/display/FLINK/Creating+a+Flink+Release
As part of the release creation process, there's a 3 day voting period per
release candidate with an extensive review by the community. A Flink
release needs a majority among the PMC members to be released. As part of
this voting process, we check that the source code and binaries are
properly signed by the release manager, and we check the release artifacts
to be compliant with Apache's rules for a release:
http://www.apache.org/dev/release-publishing.html
There is also some additional information on how the ASF handles security:
https://www.apache.org/security/

Afaik some vendors providing Flink distributions have more involved
security processes.

Best,
Robert


On Wed, Mar 18, 2020 at 6:07 PM Mark Hapner <mhapner@cogility.com> wrote:

> Are there any docs/links that describe the security workflow for a Flink
> release? For instance, the static code scan workflow; pen test workflow;
> security review of new features; etc.
>
>
>
> The reason for the question is to better understand how to include Flink
> within the security workflow of a product that includes it as a component.
>
> ------------------------------
>
> COGILITY SOFTWARE CORPORATION LEGAL DISCLAIMER: The information in this
> email is confidential and is intended solely for the addressee. Access to
> this email by anyone else is unauthorized. If you are not the intended
> recipient, any disclosure, copying, distribution or any action taken or
> omitted to be taken in reliance on it, is prohibited and may be unlawful.
>

Mime
View raw message