On 1/15/15 3:47 AM, Bertrand Delacretaz wrote: > On Wed, Jan 14, 2015 at 8:29 PM, Phil Steitz <phil.ste...@gmail.com> wrote: >> ...QO30 - do we really want individual projects to have / advertise >> their own ways to take security reports?... > We do not want that, agreed, but as I want the model to be usable by > non-Apache projects as well I'm trying to focus on the core principles > in the model, and leave the Apache specifics to footnotes.
Oh, sorry I missed that. > > I have added a footnote to QU30 that points to > http://www.apache.org/security/ as the default, does that work for > you? > > Sling for example has > http://sling.apache.org/project-information/security.html which is a > bit more Sling-specific and also points to > http://www.apache.org/security/ Yes that is fine. Thanks! Phil > > -Bertrand >
