Thanks for your reply, Yu. I am fine with separating the information in the "Security Policy and Supported Versions" page.
First, I think it would make sense to add "reporting a vulnerability" information anywhere that our documentation has contact info (many of the pages you reference have their security contact info in the contact section). I submitted a PR for this here [0]. We can also have this information on the "Contribution" page.

Apache Spark's website is another one we could consider. Their website has their versioning policy information under a "Developers" tab at the top of the website [2]. That tab also has a security page that includes previous CVEs and information on how to report a vulnerability. I am not sure that we need a "developers" tab, but I like the idea of having dedicated pages for security and for versioning policy. Both pages will have important information that users should be able to easily find.

> 2.4 Move the "Versioning Policy" and "Supported Versions" sections to the
> "PIP 47: Time Based Release Plan" page [7] since they are more relevant.

I think all of this information (including the PIP 47 information) should live on the website, not on the GitHub wiki. I would prefer to have a "Release Plan" that is independent from a single PIP so that it can be easier to make updates to the release plan, as needed. Notice that the Apache Spark website's Versioning Policy page also has a section for "Release Cadence".

My preference is to add a new button somewhere (it could be in the "Community" drop down or in another one) that has buttons for our "Versioning Policy" and for our "Release Process".

Thanks,
Michael

[0] https://github.com/apache/pulsar/pull/14610
[1] https://spark.apache.org/versioning-policy.html

On Sun, Feb 27, 2022 at 9:25 PM Yu <li...@apache.org> wrote:
>
> Hi Michael,
>
> Thanks for your contribution!
>
> 1 "Security Policy and Supported Versions" is shown on the Pulsar website [1]
> 1.1 It is in "master" (site2/docs) rather than a versioned section.
> 1.2 Some contents are not shown correctly.
> It is strongly recommended that RUN A LOCAL PREVIEW BEFORE SUBMITTING DOCS [2].
>
> 2. As for the place, it makes more sense to separate the whole page into several places because each of them belongs to different parts, so my suggestions are:
>
> 2.1 If we want to improve "security" visibility:
> 2.1.1 Create an independent page named "Project info" under the "Community" page.
> 2.1.2 Create a "Security" section on the "Project info" page and add security-related info.
> 2.1.3 Move less frequently used items (eg. Contact, Coding guide, Twitter, Wiki, Issue tracking, Resources, Team) under the "Project info" page. Leave "Contributing" and "Pulsar Summit" under the "Community" drop-down list.
>
> 2.2 Move the "Reporting a Vulnerability" section to the "Contribution" guide [3] since it instructs users how to make a contribution.
> Similar cases: Cassandra [4], RabbitMQ [5], Trino [6].
>
> 2.3 Remove the "Using Pulsar's Security Features" section since it does not provide additional info (or move this section elsewhere).
>
> 2.4 Move the "Versioning Policy" and "Supported Versions" sections to the "PIP 47: Time Based Release Plan" page [7] since they are more relevant.
> Besides, we're considering improving the Pulsar release note page [8], it is possible to add explanations for "release naming" [9] (somehow = the "Versioning Policy" section) there later.
>
> [1] https://pulsar.apache.org/docs/en/next/security-policy-and-supported-versions/
> [2] https://github.com/apache/pulsar/tree/master/site2#website
> [3] https://pulsar.apache.org/en/contributing/
> [4] https://cassandra.apache.org/_/community.html#how-to-contribute
> [5] https://www.rabbitmq.com/#community
> [6] https://trino.io/community.html
> [7] https://github.com/apache/pulsar/wiki/PIP-47%3A-Time-Based-Release-Plan
> [8] https://docs.google.com/document/d/1mYCzS1ffssPP-WUKsfXprWzqu-7DD7c6yTyq3VIRUZg/edit#heading=h.x59j1xzdb0kz
> [9] https://www.cockroachlabs.com/docs/releases/index.html#release-naming
>
> On Sat, Feb 26, 2022 at 4:22 AM Michael Marshall <mmarsh...@apache.org> wrote:
>
> > Hi Pulsar Community,
> >
> > I recently contributed a "Security Policy and Supported Versions" page to our website [0]. I just noticed that it is not yet showing up on the website because it is in the versioned section of the documentation. I think it would make sense to move this page location so that it is not versioned, since its content is independent of the Pulsar version, but I'm not sure where it should go.
> >
> > Is there a good place we can put the page? I could see adding a button in the "Community" drop down tab at the top of the page. I could also see adding a "Security" tab in the top bar. I am open to suggestions.
> >
> > My main priority is that users should be able to easily discover this important content.
> >
> > Thanks,
> > Michael
> >
> > [0] https://github.com/apache/pulsar/pull/10829