Hi PJ, I agree that there should be a section in podlings' reports that highlights <private/> security issues.

Regards,
Craig

> On Dec 13, 2023, at 05:22, PJ Fanning <fannin...@apache.org> wrote:
>
> Hi everyone,
>
> I'm wondering if podlings should include some details about their
> security issues [1] in their 3 podling reports. We won't want to
> release information about any security issues that are still under
> investigation or where the fix is not yet released. I still think
> there is little harm in podlings giving high level numbers and maybe
> some indication of how quickly security issues are being dealt with.
>
> I've seen evidence that some TLPs are unaware of the importance of
> dealing quickly with security reports and I think the Incubator team
> could help with ensuring that podlings are aware of the requirements.
>
> I will certainly be having a close look at a podling's record of
> handling security reports when it comes to discussions about
> graduation.
>
> I'm wondering if we could have some consensus on what is expected of podlings.
>
> Regards,
> PJ
>
> [1] https://www.apache.org/security/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> For additional commands, e-mail: general-h...@incubator.apache.org
>

Craig L Russell
c...@apache.org