singa-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Moaz Reyad (JIRA)" <j...@apache.org>
Subject [jira] [Created] (SINGA-417) Adding security channel
Date Sat, 08 Dec 2018 17:29:00 GMT
Moaz Reyad created SINGA-417:
--------------------------------

             Summary: Adding security channel
                 Key: SINGA-417
                 URL: https://issues.apache.org/jira/browse/SINGA-417
             Project: Singa
          Issue Type: New Feature
          Components: Documentation
            Reporter: Moaz Reyad


According to the [Apache Project Maturity Model|https://community.apache.org/apache-way/apache-project-maturity-model.html]:

??QU30: The project provides a well-documented, secure and private channel to report security
issues, along with a documented way of responding to them.??

??Apache projects can just point to [http://www.apache.org/security/] or use their own security
contacts page, which should also point to that.??

This issue can be solved simply by adding a link to Apache Security page to SINGA website.

However, I would also suggest to :
 # create a sub team in SINGA (even starting with one person) for security
 # ask for an email security@singa.apache for project security contacts
 # create a new page for security in SINGA website
 # add SINGA security team (page and email) to [ASF Project Security Information page|https://www.apache.org/security/projects.html]

Machine learning systems like SINGA may work with sensitive data (e.g. medical data, finance,
etc.) and SINGA provides distributed training where data and models can be shared in a network.
If SINGA security team provides details to ensure the best security practices, this can be
an important feature to show in SINGA now or in a future release.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message