pankajkoti commented on code in PR #36049: URL: https://github.com/apache/airflow/pull/36049#discussion_r1413792094
########## CONTRIBUTING.rst: ########## @@ -216,6 +216,45 @@ There are certain expectations from the members of the security team: `Severity Rating blog post <https://security.apache.org/blog/severityrating/>`_ by the Apache Software Foundation Security team. +Periodic Security team rotation +------------------------------- + +Handling security issues is something of a chore, it takes vigilance, requires quick reaction and responses +and often requires to act outside of the regular "day" job. This means that not everyone can keep up with +being part of the security team for long while being engaged and active. While we do not expect all the +security team member to be active all the time, and - since we are volunteers, it's perfectly understandable +that work, personal life, family and generally life might not help with being active. And this is not a +considered as being failure, it's more stating the fact of life. + +Also prolonged time of being exposed to handling "other's" problems and discussing similar kinds of problem +and responses might be tiring and might lead to burnout. + +However, for those who have never done that before, participation in the security team might be an interesting +experience and a way to learn a lot about security and security issue handling. We have a lot of +established processes and tools that make the work of the security team members easier so this can be +treated as well as great learning experience for some community members. And knowing that this is not Review Comment: ```suggestion established processes and tools that make the work of the security team members easier, so this can be treated as a great learning experience for some community members. And knowing that this is not ``` ########## CONTRIBUTING.rst: ########## 
@@ -216,6 +216,45 @@ There are certain expectations from the members of the security team: `Severity Rating blog post <https://security.apache.org/blog/severityrating/>`_ by the Apache Software Foundation Security team. +Periodic Security team rotation +------------------------------- + +Handling security issues is something of a chore, it takes vigilance, requires quick reaction and responses +and often requires to act outside of the regular "day" job. This means that not everyone can keep up with +being part of the security team for long while being engaged and active. While we do not expect all the +security team member to be active all the time, and - since we are volunteers, it's perfectly understandable Review Comment: ```suggestion security team members to be active all the time, and - since we are volunteers, it's perfectly understandable ```
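Review bot: The sentence starting "While we do not expect all the security team member to be active all the time, and - since we are volunteers" in the first paragraph of the new "Periodic Security team rotation" section never reaches a main clause, and the line after it, "considered as being failure, it's more stating the fact of life.", is left with a stray article from the preceding "And this is not a". Consider dropping the leading "While" so the sentence stands on its own, and rewording the follow-up to something like "This is not considered a failure, it is simply a fact of life." In the same paragraph, "often requires to act outside of the regular "day" job" needs an object or a gerund, for example "often requires acting outside of the regular "day" job".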