Hello everyone,

As you likely know, we've been busy forming a new [email protected] team, and we have not only started to work on fixing security issues but also started to discuss how to generally improve security communication with users and security researchers.

One of the proposals we came up with was to update the description of the security model we had and make it more explicit about what kinds of users there are, what their capabilities are, and what both users and security researchers can expect - both in terms of the security provided to our users and in terms of the information that will let security researchers classify potential vulnerabilities they find.

I captured the proposal and the ideas we were discussing in this PR: https://github.com/apache/airflow/pull/32098 and, since there is nothing "secret" in there, I think it is a good idea to open it up to the Airflow community for comments and feedback. I tried to describe the context and reasoning in the "description" of the PR, and I proposed to split the content in the way that makes the most sense -> how to raise security issues and the processes in GitHub, and information about the security model from the user's perspective on our website.

Looking forward to feedback and comments!

J.
