[jira] [Created] (NIFI-9619) Remove GPG key from Security Disclosure details

David Handermann (Jira) Fri, 21 Jan 2022 13:53:04 -0800

David Handermann created NIFI-9619:
--------------------------------------

             Summary: Remove GPG key from Security Disclosure details
                 Key: NIFI-9619
                 URL: https://issues.apache.org/jira/browse/NIFI-9619
             Project: Apache NiFi
          Issue Type: Improvement
          Components: Documentation &amp; Website
            Reporter: David Handermann
            Assignee: David Handermann



The Security Vulnerability Disclosure instructions reference a GPG key 
fingerprint for secur...@nifi.apache.org as an option for reporting sensitive 
information. The public key associated with the fingerprint expired on 
2021-03-23.  The difficulty of sharing a GPG private key with all members of 
the PMC outweighs the potential benefit of supporting this method of 
vulnerability reporting. For these reasons, the GPG key fingerprint should be 
removed from the Security Vulnerability Disclosure instructions.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Created] (NIFI-9619) Remove GPG key from Security Disclosure details

Reply via email to