On 02/08/17 17:48, Dave Fisher wrote: > Hi, > > I just now noticed while looking at a podling's maturity evaluation that > the requirement Q030[1] has an issue. The podling stated that security > issues are submitted to JIRA! The wording on the model needs to be > updated so that it is clear that the reporting of a security issue must > be by an secure channel. > > I think that Q030 be updated to include the word “secure” between > well-documented and channel: > > The project provides a well-documented *_secure_* channel to report > security issues, along with a documented way of responding to them > > Any objections?
"secure, non-public" ? Mark > > Regards, > Dave > > [1] > http://community.apache.org/apache-way/apache-project-maturity-model.html --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
