On 9/2/21 3:06 PM, Eric Covener wrote:
> Since you are going through this I wanted to mention:
>
> I think the public doc we have should mention everything that's done
> during ther release, even the security stuff that is somewhat private.
> The ASF-wide security policy is already public
> (https://www.apache.org/security/committers.html) and this is just the
> mechanics of it for us.
>
> Anyone object? This way we have one linear place to point to.
+1 Looks sensible. The details of an actual security issue should not be public
until we make it so, but the procedure we use can be.
Regards
RĂ¼diger
