EdColeman commented on code in PR #372: URL: https://github.com/apache/accumulo-website/pull/372#discussion_r1093828853
########## pages/contact-us.md: ########## @@ -12,6 +12,25 @@ Below are ways to get in touch with the Apache Accumulo community. Accumulo uses GitHub issues to track bugs and new features. Visit [How to contribute](/how-to-contribute) for more information. +## Security Issues (CVE) + +We strongly encourage reporting potential security issues by privately emailing `[email protected]` or +`[email protected]` + +Do not make information about the vulnerability public until it is formally announced by the Accumulo community. +That means, for example, that you should not create a public GitHub issue, since those would make the issue public. +GitHub pull requests and any messages associated with any commits should not make any reference to the security nature +of the commit.

Review Comment:
I added a do not list - I wanted to keep the general process because that mirrors the text from ASF security with Accumulo substituted where appropriate. I did not want to stray too far from the standard process to show that we are following the ASF policies and eliminate any confusion or conflict.
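Review bot: In the added "Security Issues (CVE)" section, the first sentence ends on the second backticked address with no closing period, and the clause "since those would make the issue public" only restates the sentence before it. Consider ending the address sentence with a period and giving the concrete reason instead, for example "since GitHub issues are publicly visible". The last added sentence covers pull requests and commit messages but not branch names or PR titles, which are just as visible; if the ASF text this mirrors allows it, naming them would close that gap.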
