[
https://issues.apache.org/jira/browse/SINGA-417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16825124#comment-16825124
]
ASF subversion and git services commented on SINGA-417:
-------------------------------------------------------
Commit 1858046 from Moaz Reyad in branch 'site/trunk'
[ https://svn.apache.org/r1858046 ]
SINGA-417 Adding Security Channel
> Adding security channel
> -----------------------
>
> Key: SINGA-417
> URL: https://issues.apache.org/jira/browse/SINGA-417
> Project: Singa
> Issue Type: New Feature
> Components: Documentation
> Reporter: Moaz Reyad
> Priority: Blocker
>
> According to the [Apache Project Maturity
> Model|https://community.apache.org/apache-way/apache-project-maturity-model.html]:
> ??QU30: The project provides a well-documented, secure and private channel to
> report security issues, along with a documented way of responding to them.??
> ??Apache projects can just point to [http://www.apache.org/security/] or use
> their own security contacts page, which should also point to that.??
> This issue can be solved simply by adding a link to Apache Security page to
> SINGA website.
> However, I would also suggest to :
> # create a sub team in SINGA (even starting with one person) for security
> # ask for an email security@singa.apache for project security contacts
> # create a new page for security in SINGA website
> # add SINGA security team (page and email) to [ASF Project Security
> Information page|https://www.apache.org/security/projects.html]
> Machine learning systems like SINGA may work with sensitive data (e.g.
> medical data, finance, etc.) and SINGA provides distributed training where
> data and models can be shared in a network. If SINGA security team provides
> details to ensure the best security practices, this can be an important
> feature to show in SINGA now or in a future release.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
