eladkal commented on issue #44844: URL: https://github.com/apache/airflow/issues/44844#issuecomment-2537929787
> Do you really want everyone that runs a scan on Airflow to contact the security email address to ask this question?

Our policy states that we do not accept reports of automated scans. If you believe Airflow is affected by any security issue you should report to the security email address with a clear explanation of what the risk is and how it can be exploited. If you can't specify how it can be exploited the report will be automatically rejected.

There are dozens of automated tools that generate many false reports and there are many people who report thoughts/concerns/questions. We as an open source project that consists mostly of volunteers cannot triage and handle such traffic volume, so we expect the reporter to go the extra mile and verify that the problem being reported is real.

You are also very welcome to raise your thoughts on the policy itself with the same email if you believe it should change and can offer reasoning for it.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at: us...@infra.apache.org