cederom commented on PR #17583: URL: https://github.com/apache/nuttx/pull/17583#issuecomment-3704169858
* Thank you everyone for verification and feedback! * Sorry for the delay it was really hard year and I needed some offline rest at least during Christmas time with my family out of my lab. * Not security vulnerability section was moved up to below known vulnerabilities. * Security issues handling section was split into 4 steps for clarity: reporting, investigation, the fix, public announcement. I think it is good to have it here because we will all know what the process is and not to skip any important steps. * Added list of existing CVEs including these published today. By the way I took a second look at our last reports and got some ideas on improvements below. * I noticed that placing all people involved in credits may improve things on our end by providing motivation and public credits. * I realized I missed @raboof as coordinator in the credits, my sincere apologies and big thank you for really perfect support coordination and patience!! Credits added to our docs and will update cves after review is closed :-) * I noticed that older CVEs contain private emails, while it should be apache related emails where possible. I fixed that in the docs, please verify. * After we review this document I will also update existing CVEs. * @simbit18 can you please provide first and last name + email to put in credits please? Do you have apache email? * @xiaoxiang781216 can you please verify reviewers credits are all info correct? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
