[jira] [Commented] (NIFI-9619) Remove GPG key from Security Disclosure details

ASF subversion and git services (Jira) Fri, 21 Jan 2022 14:16:07 -0800


    [ 
https://issues.apache.org/jira/browse/NIFI-9619?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17480274#comment-17480274
 ]


ASF subversion and git services commented on NIFI-9619:
-------------------------------------------------------

Commit 3d05844b713142851584d4990da2828c81cc1cfa in nifi's branch 
refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=3d05844 ]

NIFI-9619 Removed GPG key from Security Mailing List reporting

This closes #5702

Signed-off-by: David Handermann <exceptionfact...@apache.org>


> Remove GPG key from Security Disclosure details
> -----------------------------------------------
>
>                 Key: NIFI-9619
>                 URL: https://issues.apache.org/jira/browse/NIFI-9619
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Documentation &amp; Website
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Trivial
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> The Security Vulnerability Disclosure instructions reference a GPG key 
> fingerprint for secur...@nifi.apache.org as an option for reporting sensitive 
> information. The public key associated with the fingerprint expired on 
> 2021-03-23.  The difficulty of sharing a GPG private key with all members of 
> the PMC outweighs the potential benefit of supporting this method of 
> vulnerability reporting. For these reasons, the GPG key fingerprint should be 
> removed from the Security Vulnerability Disclosure instructions.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (NIFI-9619) Remove GPG key from Security Disclosure details

Reply via email to