openwhisk-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pde...@apache.org
Subject [incubator-openwhisk-website] branch master updated: Alter prose and email to directyl leverage Apache reporting process. (#364)
Date Thu, 21 Mar 2019 16:47:08 GMT
This is an automated email from the ASF dual-hosted git repository.

pdesai pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk-website.git


The following commit(s) were added to refs/heads/master by this push:
     new 515b546  Alter prose and email to directyl leverage Apache reporting process. (#364)
515b546 is described below

commit 515b54660af155e42289d708a5ccef4dc7db2827
Author: Matt Rutkowski <mrutkows@us.ibm.com>
AuthorDate: Thu Mar 21 11:47:04 2019 -0500

    Alter prose and email to directyl leverage Apache reporting process. (#364)
---
 _layouts/security.html | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/_layouts/security.html b/_layouts/security.html
index 2bf6259..fd27298 100644
--- a/_layouts/security.html
+++ b/_layouts/security.html
@@ -32,17 +32,13 @@ layout: default
                 <a class="indexable" id="report"></a>
                 <h3>Report a security vulnerability</h3>
                 <div class="collapsible-content">
-                  <p>It is strongly encouraged that security vulnerabilities be reported
to our private mailing list first, rather than disclosing them in a public forum. The private
security mailing address is: <a href="mailto:private@openwhisk.apache.org">private@openwhisk.apache.org</a></p>
-                  <p>Please note that this mailing list should only be used for reporting
undisclosed security vulnerabilities for Apache OpenWhisk code or dependent libraries, runtimes
and tooling. We do not accept regular bug reports or other queries at this address.</p>
-                  <p>The OpenWhisk project management committee upon receiving the
report will follow the Apache <a href="https://www.apache.org/security/committers.html#vulnerability-handling">Vulnerability
handling</a> process as documented.
-                  </p>
+                    <p>We encourage following the Apache <a href="http://www.apache.org/security/#reporting-a-vulnerability">Vulnerability
Reporting</a> process for reporting suspected security vulnerabilities rather than disclosing
them in a public forum.</p>
+                    <p>In short, the person discovering the issue, the reporter, should
notify the Apache Security team with details of the suspected vulnerability by sending an
email to <a href="mailto:security@apache.org">security@apache.org</a>.</p>
+                    <p>The Apache security team will notify the Apache OpenWhisk Project
Management Committee (PMC) and work with them and the submitter to address the issue as described
by the Apache <a href="https://www.apache.org/security/committers.html#vulnerability-handling">Vulnerability
Handling</a> process.</p>
+                    <p>Please note that this mailing list should only be used for reporting
undisclosed security vulnerabilities for Apache OpenWhisk code or dependent libraries, runtimes
and tooling.  Bug reporting should be done by opening a GitHib Issue within the corresponding
project repository where a bug is suspected.</p>
                 </div>
             </div>
         </main>
-        <main class="doc">
-            <div class="content"><p><i><b>Note</b>: The Apache
OpenWhisk community works in accordance with documented Apache security processes documented
here: <a href="http://www.apache.org/security/">Reporting a vulnerability</a></i></p>
-            </div>
-        </main>
     </section>
 
 </div>


Mime
View raw message