[Moving to Hadoop dev mailing list] Hi Sean,
I made the announcement in the mail groups that are listed here[1]. The cveprocess website[2] only has the provision to send to the following mail groups - 1. oss-secur...@lists.openwall.com 2. annou...@apache.org 3. dev@hadoop.apache.org 4. secur...@apache.org I'm not sure if there's a way to add more mail groups while making the announcement. [1]=https://www.apache.org/security/committers.html#announce [2]=https://cveprocess.apache.org/ On Sat, 9 Apr 2022 at 04:41, Wei-Chiu Chuang <weic...@apache.org> wrote: > Sean, I think this topic can be discussed in the public dev mailing lists. > Security@ is for reporting vulnerabilities. > > On Sat, Apr 9, 2022 at 4:30 AM Sean Busbey <bus...@apache.org> wrote: > >> I couldn't find a checklist for how we handle security announcements. >> Could someone point me at it or confirm we don't have one? >> >> CVE-2022-26612 just went out and I saw an announcement on >> general@hadoop and a couple of other lists, but >> >> * nothing on the hadoop user mailing lists >> * nothing on the hadoop CVE page >> * nothing on announce@apache >> >> Before I started chasing down these gaps I wanted to make sure we have >> a repeatable set of steps that includes them. >> >> --busbey >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: security-unsubscr...@hadoop.apache.org >> For additional commands, e-mail: security-h...@hadoop.apache.org >> >>
