Hi everyone,

I'm wondering if podlings should include some details about their security issues [1] in their 3 podling reports. We won't want to release information about any security issues that are still under investigation or where the fix is not yet released. I still think there is little harm in podlings giving high level numbers and maybe some indication of how quickly security issues are being dealt with.
I've seen evidence that some TLPs are unaware of the importance of dealing quickly with security reports and I think the Incubator team could help with ensuring that podlings are aware of the requirements. I will certainly be having a close look at a podling's record of handling security reports when it comes to discussions about graduation. I'm wondering if we could have some consensus on what is expected of podlings.

Regards,
PJ

[1] https://www.apache.org/security/