potiuk opened a new pull request, #375: URL: https://github.com/apache/airflow-steward/pull/375
## Summary Two refinements to `tools/gmail/asf-relay.md` per feedback from Arnout Engelen (ASF Security, `@raboof`) on a real relay we sent for `GHSA-2vgv-x9xr-7gfj` / `CVE-2026-49296`: 1. **Clickable external-reference URL** (full GHSA / HackerOne URL, not just the ID) on its own line. 2. **Reporter-facing content as a paste-ready block** in the reporter's voice, addressed to them and signed by the project — instead of third-person *"could you pass to <reporter> that …"* phrasing. Together they cut the forwarder's round-trip to one forward-and-paste action and let us control the reporter-facing wording. ## Test plan - [ ] Next ASF-security relay reply sent through the framework follows the new shape - [x] Verbatim Arnout-feedback message preserved as the doc's source note ## Notes for reviewers - Doc-only change; no skill code touched. - Same drafting shape now reaches both \`security-issue-import\` (initial receipt-confirmation drafts) and \`security-issue-sync\` (later status-update / CVE-allocation / release-shipped drafts) since both load this file via the rules-pointer pattern. 🤖 Generated with [Claude Code](https://claude.com/claude-code) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
