Thank you for your suggestion, Lari.
I opened a PR to add a SECURITY.md file:
https://github.com/apache/pulsar/pull/10829. Note that I decided to use 12
months instead of 18 for our support window. I describe why in the PR.
I am hoping this concrete step will push us toward a concrete solution.
P
LGTM +1
PIP-47 itself also has this scenario consideration.
We can quickly iterate through small versions to quickly
respond to problems that may occur in each major version,
and we can submit patches for major versions at any time.
--
Thanks
Xiaolong Ran
On Fri, May 28, 2021 at 5:4 AM, Michael Marshall
+1.
I think these are great suggestions.
--
Devin G. Bost
On Mon, May 31, 2021, 2:30 AM Lari Hotari wrote:
> > The PMC can also assign members to a secur...@pulsar.apache.org mailing
> list.
>
> +1 for this plan.
>
> BR, Lari
>
>
> On Fri, May 28, 2021 at 2:24 AM Dave Fisher wrote:
>
> >
> >
> The PMC can also assign members to a secur...@pulsar.apache.org mailing
list.
+1 for this plan.
BR, Lari
On Fri, May 28, 2021 at 2:24 AM Dave Fisher wrote:
>
>
> Looking at this as a PMC member who has had to triage security for a very
> widely downloaded and old project codebase (OpenOffic
Dave
On Fri, May 28, 2021 at 01:24 Dave Fisher
wrote:
>
>
>
> > On May 27, 2021, at 2:49 PM, Michael Marshall wrote:
> >
> > Hi Pulsar Community,
> >
> >
> > I would like to discuss defining and documenting a process for an official
> > Pulsar version EOL policy. This process wil
+1, Thanks for the suggestion, Michael.
I hope we can get the security policy documented for Apache Pulsar asap.
GitHub suggests adding a SECURITY.md file to the repository.
When committers go to https://github.com/apache/pulsar/security , the UI
suggests "Setup a security policy":
> On May 27, 2021, at 2:49 PM, Michael Marshall wrote:
>
> Hi Pulsar Community,
>
>
> I would like to discuss defining and documenting a process for an official
> Pulsar version EOL policy. This process will help users know when the
> version they are running will no longer be supported with
Hi Pulsar Community,
I would like to discuss defining and documenting a process for an official
Pulsar version EOL policy. This process will help users know when the
version they are running will no longer be supported with security patches.
After the recent announcement of CVE-2021-22160, I loo