dlmarion commented on code in PR #372: URL: https://github.com/apache/accumulo-website/pull/372#discussion_r1093762819
########## pages/contact-us.md: ########## @@ -12,6 +12,25 @@ Below are ways to get in touch with the Apache Accumulo community. Accumulo uses GitHub issues to track bugs and new features. Visit [How to contribute](/how-to-contribute) for more information. +## Security Issues (CVE) + +We strongly encourage reporting potential security issues by privately emailing `[email protected]` or +`[email protected]` + +Do not make information about the vulnerability public until it is formally announced by the Accumulo community. +That means, for example, that you should not create a public GitHub issue, since those would make the issue public. +GitHub pull requests and any messages associated with any commits should not make any reference to the security nature +of the commit. + +The Accumulo project follows the standard ASF vulnerability handling process as outlined at [ASF Security Team](https://www.apache.org/security/#asf-security-team) Review Comment: ```suggestion The Accumulo project follows the standard [ASF vulnerability handling](https://www.apache.org/security/#asf-security-team) process as outlined by the ASF Security Team. ``` ########## pages/contact-us.md: ########## 
@@ -12,6 +12,25 @@ Below are ways to get in touch with the Apache Accumulo community. Accumulo uses GitHub issues to track bugs and new features. Visit [How to contribute](/how-to-contribute) for more information. +## Security Issues (CVE) + +We strongly encourage reporting potential security issues by privately emailing `[email protected]` or +`[email protected]` + +Do not make information about the vulnerability public until it is formally announced by the Accumulo community. +That means, for example, that you should not create a public GitHub issue, since those would make the issue public. +GitHub pull requests and any messages associated with any commits should not make any reference to the security nature +of the commit. Review Comment: May want to also mention that they should not email the mailing lists or mention it on Slack. It might be easier to turn this into a list of the things not to do: 1. Do not email the user or dev mailing lists 2. Do not send a message via Slack 3. Do not create a GitHub issue 4. Do not create a GitHub pull request ########## pages/contact-us.md: ########## 
@@ -12,6 +12,25 @@ Below are ways to get in touch with the Apache Accumulo community. Accumulo uses GitHub issues to track bugs and new features. Visit [How to contribute](/how-to-contribute) for more information. +## Security Issues (CVE) + +We strongly encourage reporting potential security issues by privately emailing `[email protected]` or +`[email protected]` + +Do not make information about the vulnerability public until it is formally announced by the Accumulo community. +That means, for example, that you should not create a public GitHub issue, since those would make the issue public. +GitHub pull requests and any messages associated with any commits should not make any reference to the security nature +of the commit. + +The Accumulo project follows the standard ASF vulnerability handling process as outlined at [ASF Security Team](https://www.apache.org/security/#asf-security-team) + +An overview the process is: Review Comment: ```suggestion An overview of the process is: ```
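Review bot: In the added paragraph, "since those would make the issue public" does not agree with its singular antecedent "a public GitHub issue"; suggest "since that would make the issue public". Two added lines also end without punctuation: the second address line (`[email protected]`) and the sentence ending at the ASF Security Team link; add a period to each so the section reads as complete sentences. Minor: the heading "Security Issues (CVE)" may confuse reporters, since a report is made before any CVE exists; "Security Issues" alone, with the CVE mentioned in the process overview that follows, would be clearer.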
