Alessandro,

If you have anything to share that might be a potential security issue, you can send it to priv...@calcite.apache.org, which only includes the PMC and has non-public archives.
--
Michael Mior
mm...@apache.org

On Mon, Mar 31, 2025 at 8:47 AM Alessandro Solimando <alessandro.solima...@gmail.com> wrote:

> Hello,
> in the context of CALCITE-6928
> <https://issues.apache.org/jira/browse/CALCITE-6928> (sonar is broken in
> CI), I was checking our sonar configuration here
> <https://ci-builds.apache.org/job/Calcite/job/Calcite-sonar/configure>,
> there is a potential security risk with the current settings, I can't
> change the offending setting (lack of permissions), who can change settings
> there? Is it someone maybe from PMC or shall I create an INTRA ticket?
>
> I don't want to provide more details publicly at this stage, until the
> issue has been discussed/resolved, for obvious reasons.
>
> Unlike other Apache projects we don't have a security ML, maybe we should
> look into creating one for cases like this?
>
> Best regards,
> Alessandro