Re: [PR] docs/security: Add Security section to the documentation. [nuttx]

[via GitHub]

cederom commented on PR #17583:
URL: https://github.com/apache/nuttx/pull/17583#issuecomment-3719769774

   WWW updates and fixes ready for review here 
https://github.com/apache/nuttx-website/pull/162 thanks @raboof :-)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@nuttx.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] docs/security: Add Security section to the documentation. [nuttx]

[via GitHub]

cederom commented on PR #17583:
URL: https://github.com/apache/nuttx/pull/17583#issuecomment-3716048915

   Big thank you @raboof for all of your support :-) Will update the website in 
a free moment good idea! :-)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@nuttx.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] docs/security: Add Security section to the documentation. [nuttx]

[via GitHub]

raboof commented on PR #17583:
URL: https://github.com/apache/nuttx/pull/17583#issuecomment-3714590816

   (I updated the links at https://security.apache.org/projects/)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@nuttx.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] docs/security: Add Security section to the documentation. [nuttx]

[via GitHub]

raboof commented on PR #17583:
URL: https://github.com/apache/nuttx/pull/17583#issuecomment-371441

   Great! You might also want to point the 'Security' link in the menu of your 
website to https://nuttx.apache.org/docs/latest/security.html instead of 
https://www.apache.org/security/ , to make the NuttX-specific instructions more 
prominent.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@nuttx.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] docs/security: Add Security section to the documentation. [nuttx]

[via GitHub]

xiaoxiang781216 merged PR #17583:
URL: https://github.com/apache/nuttx/pull/17583


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@nuttx.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] docs/security: Add Security section to the documentation. [nuttx]

[via GitHub]

cederom commented on PR #17583:
URL: https://github.com/apache/nuttx/pull/17583#issuecomment-3708065984

   Okay, details updated, mailing list creation requested, ready for review and 
merge, thank you! :-)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@nuttx.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] docs/security: Add Security section to the documentation. [nuttx]

[via GitHub]

cederom commented on code in PR #17583:
URL: https://github.com/apache/nuttx/pull/17583#discussion_r2659647052


##
Documentation/security.rst:
##
@@ -0,0 +1,158 @@
+
+Security
+
+
+.. toctree::
+
+Known vulnerabilities
+=
+
+Apache NuttX RTOS vulnerabilities are labelled with CVE (Common
+Vulnerabilities and Exposures) identifiers. List of known, responsibly
+disclosed, and fixed vulnerabilities are publicly available online at
+`CVE.ORG `_.
+Offline bundled version is located at the bottom of this page in the

Review Comment:
   list of existing cves added :-)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@nuttx.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] docs/security: Add Security section to the documentation. [nuttx]

[via GitHub]

cederom commented on code in PR #17583:
URL: https://github.com/apache/nuttx/pull/17583#discussion_r2659646592


##
Documentation/security.rst:
##
@@ -0,0 +1,158 @@
+
+Security
+
+
+.. toctree::
+
+Known vulnerabilities
+=
+
+Apache NuttX RTOS vulnerabilities are labelled with CVE (Common
+Vulnerabilities and Exposures) identifiers. List of known, responsibly
+disclosed, and fixed vulnerabilities are publicly available online at
+`CVE.ORG `_.
+Offline bundled version is located at the bottom of this page in the
+`NuttX CVEs`_ section.
+
+Reporting Vulnerabilities
+=
+
+Security related issues are handled in compliance with
+`The Apache Security Team Guide `_
+and `Apache Committers Security Guide
+`_.
+Please read these documents carefully before submitting and/or
+handling a security vulnerability.
+
+.. warning::
+  Do not enter details of security vulnerabilities in a project's public
+  bug tracker, issues, or pull requests. Do not make information about
+  the vulnerability public until it is formally announced at the end
+  of this process. Messages associated with any commits should not make
+  any reference to the security nature of the commit.
+
+
+Below is an extract of the most important information:
+
+1. Please report potential security vulnerabilities over email to
+   secur...@apache.org and secur...@nuttx.apache.org **before disclosing

Review Comment:
   list created at https://selfserve.apache.org/ :-)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@nuttx.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] docs/security: Add Security section to the documentation. [nuttx]

[via GitHub]

cederom commented on code in PR #17583:
URL: https://github.com/apache/nuttx/pull/17583#discussion_r2659635715


##
Documentation/security.rst:
##
@@ -0,0 +1,158 @@
+
+Security
+
+
+.. toctree::
+
+Known vulnerabilities
+=
+
+Apache NuttX RTOS vulnerabilities are labelled with CVE (Common
+Vulnerabilities and Exposures) identifiers. List of known, responsibly
+disclosed, and fixed vulnerabilities are publicly available online at
+`CVE.ORG `_.
+Offline bundled version is located at the bottom of this page in the
+`NuttX CVEs`_ section.
+
+Reporting Vulnerabilities
+=
+
+Security related issues are handled in compliance with
+`The Apache Security Team Guide `_
+and `Apache Committers Security Guide
+`_.
+Please read these documents carefully before submitting and/or
+handling a security vulnerability.
+
+.. warning::
+  Do not enter details of security vulnerabilities in a project's public
+  bug tracker, issues, or pull requests. Do not make information about
+  the vulnerability public until it is formally announced at the end
+  of this process. Messages associated with any commits should not make
+  any reference to the security nature of the commit.
+
+
+Below is an extract of the most important information:
+
+1. Please report potential security vulnerabilities over email to
+   secur...@apache.org and secur...@nuttx.apache.org **before disclosing

Review Comment:
   vote finished with approval, I will create the security@ mailing list today 
and we may merge this PR, thank you :-)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@nuttx.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org