incubator-cassandra-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Querna <p...@querna.org>
Subject Re: Best avenue for reporting security issues
Date Thu, 19 Dec 2013 21:22:20 GMT
http://www.apache.org/security/

email security@apache.org since there isn't a Cassandra specific
security list.  This will also help with getting things like CVEs
assigned and making sure balls are not dropped.

On Tue, Dec 17, 2013 at 3:30 PM, Ben Bromhead <ben@instaclustr.com> wrote:
> Hi guys
>
> We’ve come across a bug with potential security implications and in the spirit of responsible
disclosure whats the best path for reporting it / submitting patches without making the issue
public until a fixed version of Cassandra is released?
>
> As a follow up I would propose that the Cassandra project should have security@cassandra.apache.org
mailing address, where sensitive issues can be reported to the core dev team without it being
made public.
>
> Regards
>
> Ben Bromhead
> Instaclustr | www.instaclustr.com | @instaclustr | +61 415 936 359
>

Mime
View raw message