Hi Roman, Thanks for your comments. I have added HAWQ security reports section in HAWQ wiki page <https://cwiki.apache.org/confluence/display/HAWQ/Contributing+to+HAWQ>according to your comments. Please feel free to review the changes and add the security mailing list for hawq in https://www.apache.org/security/projects.html.
Regards, Amy On Mon, Feb 13, 2017 at 9:20 AM, Roman Shaposhnik <[email protected]> wrote: > On Fri, Feb 10, 2017 at 5:35 PM, stanly sheng <[email protected]> > wrote: > > When HAWQ team commit the fix, everyone can see the commits even no > > references. Will this make the security issue public if the fix is very > > simple ? > > True, but that's the only way to deal with this. This is why you MUST > commit > and immediately do a release. In fact, your release artifacts should really > be staged when you're doing a commit so you can push a release out ASAP. > > Thanks, > Roman. >
