Hi, On Wed, Mar 20, 2019 at 10:43 PM Carlos Santana <[email protected]> wrote: > For security reports, ASF already have a process let's not improvise..
Agreed but it's fine for projects to have their own security page, as long as the ASF process is followed. >... Reported should send email to [email protected] ... It's also ok for projects to have their own security@ list, see https://sling.apache.org/project-information/security.html for an example. -Bertrand
