Hi all I was just browsing the security pages of some ASF projects and the guidelines set by our security team[1] (preparing a talk, not because there was any issue) and realized Commons didn't have a page describing how to report security issues.
Since I'm the one who created the page for Compress[2] by mostly copying the Tomcat page in 2012 I know at least one component has such a page. FileUpload which fixed a security issue with the 1.3.1 doesn't have a page of its own. I'd like to create a top level page for Commons about reporting security issues. Basically I'd take the "Reporting New Security Problems" and "Errors and Ommissions" sections from Compress' page and add a section linking to component specific subpages as they exist. I'd like to see this page linked in either the "Commons" or "General Information" section of the navigation (which probably means doing something with parent, I'll need to sort this out). Comments? Stefan [1] http://www.apache.org/security/committers.html [2] http://commons.apache.org/proper/commons-compress/security.html --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
