The following page provides more information https://www.apache.org/security/committers.html The project security page is suggested.
Eduardo Quintanilla Software Developer Block Networks -----Original Message----- From: Geertjan Wielenga <[email protected]> Sent: jueves, 31 de enero de 2019 9:32 a. m. To: dev <[email protected]> Subject: Re: Ready for Review: Apache NetBeans Maturity Model Assessment That is very closely read, i.e., that's the one item I was least confident about. On the other hand, here's the security page of one the other Apache projects, which doesn't say much more than the official Apache security page contains: http://servicecomb.apache.org/security/ Though, indeed, having our own security page with a list of CVE-s could be good, though I feel what is there, given the above page not being much more, is sufficient -- unless there is strong objection? Gj On Thu, Jan 31, 2019 at 4:18 PM Laszlo Kishalmi <[email protected]> wrote: > Dear Geertjan, community, > > On QU30. The project provides a well-documented channel to report > security issues, along with a documented way of responding to them. > > The: "Website provides a link in the footer to the Apache Security > page <https://www.apache.org/security/>." I guess satisfies the > criteria, though shouldn't have we have an own security page, listing > our CVE-s and how to address them, then a link from there to the > Apache Security page? > > On 1/31/19 4:57 AM, Geertjan Wielenga wrote: > > Hi all, > > > > As part of the process to move us out of the Apache Incubator, we > > need to do a self-analysis of our maturity as an Apache project. > > > > I have completed the self-analysis here: > > > > > https://cwiki.apache.org/confluence/display/NETBEANS/Apache+Maturity+M > odel+Assessment+for+NetBeans > > > > Comments are welcome and needed! > > > > Feel free to respond in this thread with caveats, thoughts, > > additions, comments, insights, etc. > > > > Thanks, > > > > Gj > > >
