Hello.

On Tue, 28 Mar 2023 at 13:40, sebb <seb...@gmail.com> wrote:
>
> Here are the security page sources I could find:
>
> bcel/src/site/xdoc/security.xml
> collections/src/site/xdoc/security-reports.xml
> compress/src/site/xdoc/security.xml
> configuration/src/site/xdoc/security.xml
> crypto/src/site/xdoc/security.xml
> email/src/site/xdoc/security-reports.xml
> fileupload/src/site/xdoc/security-reports.xml
> net/src/site/xdoc/security.xml
> text/src/site/xdoc/security.xml
>
> These are not consistent, which results in problems such as the broken
> link for Compress on the page:
> https://commons.apache.org/security.html
>
> Does anyone know if there was a change in the convention for renaming these?
> If so, which is correct?
>
> It looks like the 'security.html' links are added to the site menu via
> site.xml, but that does not appear to be the case for the
> 'security-reports.html' links.
>
> Does anyone know how these get added?
>
> Note, it would probably be a good idea to standardise on the placement
> of the links in the menu.
> Just after Downloads is probably as good a place as any.
>

How about having the list of vulnerabilities (that has to be
managed "manually" anyways) part of the common "Commons" site?
A link on each component's "sub-site" could refer back to that
page but it should not be left to every component to design its
"own" security listing.

Note: On that page, there is this line
  Apache Commons BCEL Security Vulnerabilities
linking to
  https://commons.apache.org/proper/commons-bcel/security.html
that states
  For information about reporting or asking questions about security,
  please see the security page of the Apache Commons project.
where "security page" links back to the common page.

IMHO, all security issues should have one line on a single page,
that line linking to a page with more details (such as links to CVE
reports, commits, blog posts, ...).

Regards,
Gilles