Bjørn Jørgensen created SPARK-38649:
---------------------------------------

             Summary: Fix SECURITY.md
                 Key: SPARK-38649
                 URL: https://issues.apache.org/jira/browse/SPARK-38649
             Project: Spark
          Issue Type: Bug
          Components: Documentation
    Affects Versions: 3.4.0
            Reporter: Bjørn Jørgensen


At [Github Security -> Security policy|https://github.com/apache/spark/security/policy]

The info there does not tell users what to do, if they have found a security issue.

The default text for this page is
"
# Security Policy

## Supported Versions

Use this section to tell people about which versions of your project are
currently being supported with security updates.

| Version | Supported          |
| ------- | ------------------ |
| 5.1.x   | :white_check_mark: |
| 5.0.x   | :x:                |
| 4.0.x   | :white_check_mark: |
| < 4.0   | :x:                |

## Reporting a Vulnerability

Use this section to tell people how to report a vulnerability.

Tell them where to go, how often they can expect to get an update on a
reported vulnerability, what to expect if the vulnerability is accepted or
declined, etc.
"

We should change this to something like:
"
Reporting security issues

Apache Spark uses the standard process outlined by the Apache Security Team for reporting vulnerabilities. Note that vulnerabilities should not be publicly disclosed until the project has responded.

To report a possible security vulnerability, please email secur...@spark.apache.org. This is a non-public list that will reach the Apache Security team, as well as the Spark PMC.

For more info https://spark.apache.org/security.html
"