[Moving to Hadoop dev mailing list] Hi Sean,
I made the announcement in the mail groups that are listed here[1]. The cveprocess website[2] only has the provision to send to the following mail groups - 1. [email protected] 2. [email protected] 3. [email protected] 4. [email protected] I'm not sure if there's a way to add more mail groups while making the announcement. [1]=https://www.apache.org/security/committers.html#announce [2]=https://cveprocess.apache.org/ On Sat, 9 Apr 2022 at 04:41, Wei-Chiu Chuang <[email protected]> wrote: > Sean, I think this topic can be discussed in the public dev mailing lists. > Security@ is for reporting vulnerabilities. > > On Sat, Apr 9, 2022 at 4:30 AM Sean Busbey <[email protected]> wrote: > >> I couldn't find a checklist for how we handle security announcements. >> Could someone point me at it or confirm we don't have one? >> >> CVE-2022-26612 just went out and I saw an announcement on >> general@hadoop and a couple of other lists, but >> >> * nothing on the hadoop user mailing lists >> * nothing on the hadoop CVE page >> * nothing on announce@apache >> >> Before I started chasing down these gaps I wanted to make sure we have >> a repeatable set of steps that includes them. >> >> --busbey >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >>
