hawq-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Amy Bai <a...@pivotal.io>
Subject Re: Proposal for handling of security vulnerabilities in Apache HAWQ
Date Wed, 15 Feb 2017 03:42:28 GMT
Hi Roman,

Thanks for your comments. I have added HAWQ security reports section in HAWQ
wiki page
<https://cwiki.apache.org/confluence/display/HAWQ/Contributing+to+HAWQ>according
to your comments. Please feel free to review the changes and add the
security mailing list for hawq in
https://www.apache.org/security/projects.html.

Regards,
Amy

On Mon, Feb 13, 2017 at 9:20 AM, Roman Shaposhnik <roman@shaposhnik.org>
wrote:

> On Fri, Feb 10, 2017 at 5:35 PM, stanly sheng <stanly.sxiang@gmail.com>
> wrote:
> > When HAWQ team commit the fix, everyone can see the commits even no
> > references. Will this make the security issue public if the fix is very
> > simple ?
>
> True, but that's the only way to deal with this. This is why you MUST
> commit
> and immediately do a release. In fact, your release artifacts should really
> be staged when you're doing a commit so you can push a release out ASAP.
>
> Thanks,
> Roman.
>

Mime
View raw message