eladkal commented on issue #44844:
URL: https://github.com/apache/airflow/issues/44844#issuecomment-2537929787

   > Do you really want everyone that runs a scan on Airflow to contact the 
security email address to ask this question?
   
   Our policy states that we do not accept reports of automated scans. If you 
believe Airflow is affected by any security issue you should report to the 
security email address with a clear explanation of what the risk is and how it 
can be exploited. If you can't specify how it can be exploited the report will 
be automatically rejected. There are dozens of automated tools that generate 
many false reports and there are many people who report 
thoughts/concerns/questions. We, as an open source project that consists mostly 
of volunteers, cannot triage and handle such traffic volume, so we expect the 
reporter to go the extra mile and verify that the problem being reported is real.
   
   You are also very welcome to raise your thoughts on the policy itself with 
the same email if you believe it should change and can offer reasoning for it.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
