This is an automated email from the ASF dual-hosted git repository.
pdesai pushed a commit to branch master
in repository
https://gitbox.apache.org/repos/asf/incubator-openwhisk-website.git
The following commit(s) were added to refs/heads/master by this push:
new 515b546 Alter prose and email to directyl leverage Apache reporting
process. (#364)
515b546 is described below
commit 515b54660af155e42289d708a5ccef4dc7db2827
Author: Matt Rutkowski <[email protected]>
AuthorDate: Thu Mar 21 11:47:04 2019 -0500
Alter prose and email to directyl leverage Apache reporting process. (#364)
---
_layouts/security.html | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/_layouts/security.html b/_layouts/security.html
index 2bf6259..fd27298 100644
--- a/_layouts/security.html
+++ b/_layouts/security.html
@@ -32,17 +32,13 @@ layout: default
<a class="indexable" id="report"></a>
<h3>Report a security vulnerability</h3>
<div class="collapsible-content">
- <p>It is strongly encouraged that security vulnerabilities
be reported to our private mailing list first, rather than disclosing them in a
public forum. The private security mailing address is: <a
href="mailto:[email protected]";>[email protected]</a></p>
- <p>Please note that this mailing list should only be used
for reporting undisclosed security vulnerabilities for Apache OpenWhisk code or
dependent libraries, runtimes and tooling. We do not accept regular bug reports
or other queries at this address.</p>
- <p>The OpenWhisk project management committee upon receiving
the report will follow the Apache <a
href="https://www.apache.org/security/committers.html#vulnerability-handling";>Vulnerability
handling</a> process as documented.
- </p>
+ <p>We encourage following the Apache <a
href="http://www.apache.org/security/#reporting-a-vulnerability";>Vulnerability
Reporting</a> process for reporting suspected security vulnerabilities rather
than disclosing them in a public forum.</p>
+ <p>In short, the person discovering the issue, the
reporter, should notify the Apache Security team with details of the suspected
vulnerability by sending an email to <a
href="mailto:[email protected]";>[email protected]</a>.</p>
+ <p>The Apache security team will notify the Apache
OpenWhisk Project Management Committee (PMC) and work with them and the
submitter to address the issue as described by the Apache <a
href="https://www.apache.org/security/committers.html#vulnerability-handling";>Vulnerability
Handling</a> process.</p>
+ <p>Please note that this mailing list should only be used
for reporting undisclosed security vulnerabilities for Apache OpenWhisk code or
dependent libraries, runtimes and tooling. Bug reporting should be done by
opening a GitHib Issue within the corresponding project repository where a bug
is suspected.</p>
</div>
</div>
</main>
- <main class="doc">
- <div class="content"><p><i><b>Note</b>: The Apache OpenWhisk
community works in accordance with documented Apache security processes
documented here: <a href="http://www.apache.org/security/";>Reporting a
vulnerability</a></i></p>
- </div>
- </main>
</section>
</div>
