[
https://issues.apache.org/jira/browse/HBASE-30130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18077902#comment-18077902
]
Hudson commented on HBASE-30130:
--------------------------------
Results for branch master
[build #1445 on
builds.a.o|https://ci-hbase.apache.org/job/HBase%20Nightly/job/master/1445/]:
(x) *{color:red}-1 overall{color}*
----
details (if available):
(x) {color:red}-1 general checks{color}
-- For more information [see general
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/master/1445/General_20Nightly_20Build_20Report/]
(x) {color:red}-1 jdk17 hadoop3 checks{color}
-- For more information [see jdk17
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/master/1445/JDK17_20Nightly_20Build_20Report_20_28Hadoop3_29/]
> Add a security-model section to the website
> --------------------------------------------
>
> Key: HBASE-30130
> URL: https://issues.apache.org/jira/browse/HBASE-30130
> Project: HBase
> Issue Type: Task
> Reporter: Andrew Kyle Purtell
> Assignee: Andrew Kyle Purtell
> Priority: Major
> Labels: pull-request-available
> Fix For: 4.0.0-alpha-1
>
>
> Add a "Security Model" page to the Apache HBase website, following the ASF
> Security Team's recommendation for projects to document their security
> assumptions.
> The page defines HBase's trust boundaries, explains that HBase's default
> unauthenticated configuration is intended only for development and testing,
> and clarifies security expectations for gateway services, coprocessors, web
> UIs, and transport encryption. It enumerates what constitutes a valid
> vulnerability versus what does not, providing clear guidance for operators,
> security researchers, and the ASF Security Team when triaging incoming
> reports.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
