[jira] [Commented] (APEXCORE-318) Document security vulnerability process

[Chris Nauroth (JIRA)]

    [ 
https://issues.apache.org/jira/browse/APEXCORE-318?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15126792#comment-15126792
 ] 

Chris Nauroth commented on APEXCORE-318:
----------------------------------------

[~PramodSSImmaneni], my apologies, I should have realized that you'd need one 
of us to do the list creation.  I just submitted the form, with all current 
PPMC members and mentors listed as moderators.  Now we wait to hear back about 
the list creation.  Below is a copy-paste of the form result.



Submitted request(s)

{
  "version": 4,
  "type": "podling",
  "private": true,
  "subdomain": "apex",
  "outhost": "apex.incubator.apache.org",
  "localpart": "security",
  "domain": "apache.org",
  "moderators": 
"gauravgopi...@apache.org,pra...@apache.org,ake...@apache.org,che...@apache.org,t...@apache.org,david...@apache.org,vro...@apache.org,ilgan...@apache.org,boy...@apache.org,cnaur...@apache.org,ga...@apache.org,hit...@apache.org,jmcl...@apache.org,ptgo...@apache.org,tdunn...@apache.org",
  "muopts": "mu",
  "replytolist": true,
  "notifyee": "priv...@incubator.apache.org"
}
svn add -- input/apex-security.json
A         input/apex-security.json
svn add -- input/apex\+.json
A         input/apex+.json
svn commit --no-auth-cache --non-interactive -m secur...@apex.apache.org\ 
mailing\ list\ request\ by\ cnauroth\ via\ 140.211.11.72 -- 
input/apex-security.json input/apex\+.json
Adding         input/apex+.json
Adding         input/apex-security.json
Transmitting file data ..
Committed revision 979204.
Next steps: We will create the lists and email priv...@incubator.apache.org 
once we have done that. There is no need to file a JIRA.

> Document security vulnerability process
> ---------------------------------------
>
>                 Key: APEXCORE-318
>                 URL: https://issues.apache.org/jira/browse/APEXCORE-318
>             Project: Apache Apex Core
>          Issue Type: Task
>            Reporter: Chris Nauroth
>            Assignee: Pramod Immaneni
>              Labels: tlp
>
> QU30
> The project provides a well-documented channel to report security issues,
> along with a documented way of responding to them.
> I couldn't find a security vulnerability process documented at
> apex.incubator.apache.org.  Example:
> http://hadoop.apache.org/mailing_lists.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)