On Thu, Jun 18, 2015 at 8:13 AM, sebb <seb...@gmail.com> wrote: > Commons Compress has a Security Reports page: > > http://commons.apache.org/proper/commons-compress/security.html > > which contains details of known security issues. > > The page links to the general commons security page > http://commons.apache.org/security.html > for details of how to report security issues. > > I think it is a good idea to have both pages, but I wonder whether it > might be less confusing if the pages had slightly different names? > > Especially since CP 37 site.xml has a bug which means that the > Security link under General Information is resolved as being relative > to the component. [This is a "feature" of Maven site when used with > parent POMs]. > > If a component wants to provide a security report page, I suggest it > should be called "security-report.html" or similar. > > Compress seems to be the only one with such a page so far, so it would > not involve much work. >
Sounds reasonable. Gary > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > > -- E-Mail: garydgreg...@gmail.com | ggreg...@apache.org Java Persistence with Hibernate, Second Edition <http://www.manning.com/bauer3/> JUnit in Action, Second Edition <http://www.manning.com/tahchiev/> Spring Batch in Action <http://www.manning.com/templier/> Blog: http://garygregory.wordpress.com Home: http://garygregory.com/ Tweet! http://twitter.com/GaryGregory
