[
https://issues.apache.org/jira/browse/HBASE-30181?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18085235#comment-18085235
]
Hudson commented on HBASE-30181:
--------------------------------
Results for branch master
[build #84 on
builds.a.o|https://ci-hbase.apache.org/job/HBase-Integration-Test/job/master/84/]:
(/) *{color:green}+1 overall{color}*
----
details (if available):
(/) {color:green}+1 client integration test for 3.3.5 {color}
(/) {color:green}+1 client integration test for 3.3.5 with shaded hadoop
client{color}
(/) {color:green}+1 client integration test for 3.3.6 {color}
(/) {color:green}+1 client integration test for 3.3.6 with shaded hadoop
client{color}
(/) {color:green}+1 client integration test for 3.4.0 {color}
(/) {color:green}+1 client integration test for 3.4.0 with shaded hadoop
client{color}
(/) {color:green}+1 client integration test for 3.4.1 {color}
(/) {color:green}+1 client integration test for 3.4.1 with shaded hadoop
client{color}
(/) {color:green}+1 client integration test for 3.4.2 {color}
(/) {color:green}+1 client integration test for 3.4.2 with shaded hadoop
client{color}
(/) {color:green}+1 client integration test for 3.4.3 {color}
(/) {color:green}+1 client integration test for 3.4.3 with shaded hadoop
client{color}
> Add SECURITY.md pointing at security-model + reporting flow
> -----------------------------------------------------------
>
> Key: HBASE-30181
> URL: https://issues.apache.org/jira/browse/HBASE-30181
> Project: HBase
> Issue Type: Task
> Components: community
> Reporter: Jarek Potiuk
> Assignee: Jarek Potiuk
> Priority: Major
> Labels: pull-request-available
> Fix For: 4.0.0-alpha-1
>
>
> Adds a canonical discoverability chain for the project's security
> model:
> AGENTS.md -> SECURITY.md -> https://hbase.apache.org/security-model/
> Two files touched in PR https://github.com/apache/hbase/pull/8275 :
> - New SECURITY.md at the repo root - short pointer to the
> published model at https://hbase.apache.org/security-model/
> and to the [email protected] reporting flow.
> - AGENTS.md Security Model section updated to route through
> SECURITY.md (same target URL on the other end).
> Two practical drivers:
> 1. GitHub's "Report a vulnerability" UI affordance surfaces
> the contents of SECURITY.md at the repo root. Without one,
> well-meaning reporters file public issues against perceived
> security gaps.
> 2. Agent-driven security tooling discovery - the ASF Security
> team's coordinated scan tooling looks for threat-model
> references through the AGENTS.md -> SECURITY.md -> published
> model chain.
> Filed at the request of the HBase PMC on the [GLASSWING] thread
> on [email protected] (Andrew Purtell asked us to open
> the PR; Duo Zhang requested the JIRA-id retitling per HBase
> convention).
> This issue exists purely to satisfy the HBase JIRA-id-in-title
> convention; no code or behavior change beyond the PR.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
