Return-Path: 
 <issues-return-169097-apmail-hbase-issues-archive=hbase.apache.org@hbase.apache.org>
X-Original-To: apmail-hbase-issues-archive@www.apache.org
Delivered-To: apmail-hbase-issues-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 824A817EA6
	for <apmail-hbase-issues-archive@www.apache.org>;
 Thu, 30 Oct 2014 13:26:34 +0000 (UTC)
Received: (qmail 66070 invoked by uid 500); 30 Oct 2014 13:26:34 -0000
Delivered-To: apmail-hbase-issues-archive@hbase.apache.org
Received: (qmail 66022 invoked by uid 500); 30 Oct 2014 13:26:34 -0000
Mailing-List: contact issues-help@hbase.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:issues-help@hbase.apache.org>
List-Unsubscribe: <mailto:issues-unsubscribe@hbase.apache.org>
List-Post: <mailto:issues@hbase.apache.org>
List-Id: <issues.hbase.apache.org>
Delivered-To: mailing list issues@hbase.apache.org
Received: (qmail 66005 invoked by uid 99); 30 Oct 2014 13:26:34 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 30 Oct 2014 13:26:34 +0000
Date: Thu, 30 Oct 2014 13:26:34 +0000 (UTC)
From: "Sean Busbey (JIRA)" <jira@apache.org>
To: issues@hbase.apache.org
Message-ID: <JIRA.12615280.1352346300000.372148.1414675594190@Atlassian.JIRA>
In-Reply-To: <JIRA.12615280.1352346300000@Atlassian.JIRA>
References: <JIRA.12615280.1352346300000@Atlassian.JIRA>
 <JIRA.12615280.1352346300606@arcas>
Subject: [jira] [Commented] (HBASE-7126) Update website with info on how to
 report security bugs
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


    [ https://issues.apache.org/jira/browse/HBASE-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14190049#comment-14190049 ] 

Sean Busbey commented on HBASE-7126:
------------------------------------

More info in the [ASF ref|http://www.apache.org/security/committers.html].

security@apache.org will default to private@hbase for forwarding reports to them. That's fine if we want to stick to usign that for all reports, but we should document the preference.

> Update website with info on how to report security bugs 
> --------------------------------------------------------
>
>                 Key: HBASE-7126
>                 URL: https://issues.apache.org/jira/browse/HBASE-7126
>             Project: HBase
>          Issue Type: Task
>          Components: documentation
>            Reporter: Eli Collins
>            Priority: Critical
>              Labels: website
>
> The HBase website should be updated with information on how to report potential security vulnerabilities. In Hadoop land we have a private security list that anyone case post to that we point to on our list page: Hadoop example http://hadoop.apache.org/general_lists.html#Security.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)